I saw this great podcast on cross-site scripting (XSS) attacks come through on Sam’s del.icio.us links. Dan Kuykendall covers the anatomy of an XSS vulnerability starting at square one.
If you are somewhat familiar with XSS this might be review, but I strongly recommend it if you are looking for a place to start becoming familiar with XSS. Dan walks through a few types of vulnerabilities, and has a honeypot web site where you can try them out during the podcast. He even goes so far as to walk you through some examples that don’t work, giving you insight into how crackers have to probe to find vulnerabilities.
Great job, Dan, and thanks for the tip, Sam. If anyone else has good sources for XSS info, please comment or tag it for: me in del.icio.us.
Sam is also posting some great stuff on Ajax security, so be sure to check that out, too.