In another post, I said I would talk about the OWASP Top 10, which is a list of the 10 most dangerous current Web application security flaws. This list, interestingly, is built into both the PCI DSS standard and Shared Assessments.

#1 on the OWASP Top 10 is Cross Site Scripting (XSS), which, per OWASP, is: whenever an application takes user supplied data and sends it to a web browser without first validating or encoding that content. XSS allows attackers to execute script in the victim's browser which can hijack user sessions, deface web sites, possibly introduce worms, etc.

For more information on XSS, check out this nice FAQ.
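
To make the "validating or encoding" part of that definition concrete, here is an added example (not from OWASP or from the original post) that renders the same user-supplied profile data with and without those steps. The function names and the sample inputs are constructed for illustration.

```javascript
// Added example: names and sample inputs below are constructed for illustration.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encode a value for HTML element content and quoted attribute values.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Validate a user-supplied link. Encoding alone does not neutralise a
// javascript: URL, so only absolute http(s) URLs are accepted.
function validateLink(value) {
  let url;
  try {
    url = new URL(String(value).trim());
  } catch {
    return null; // not an absolute URL
  }
  return url.protocol === 'http:' || url.protocol === 'https:' ? url.href : null;
}

// Flawed: user data is concatenated into the markup as-is.
function renderProfileUnsafe(name, homepage) {
  return `<p>${name}</p><a href="${homepage}">homepage</a>`;
}

// Hardened: validate the link, then encode every value for its HTML context.
function renderProfileSafe(name, homepage) {
  const link = validateLink(homepage);
  const anchor = link ? `<a href="${encodeHtml(link)}">homepage</a>` : '';
  return `<p>${encodeHtml(name)}</p>${anchor}`;
}

// Constructed sample input.
const sampleName = '<script>alert(1)</script>';
const sampleLink = 'javascript:alert(1)';
console.log(renderProfileUnsafe(sampleName, sampleLink)); // markup reaches the browser intact
console.log(renderProfileSafe(sampleName, sampleLink));   // name is inert text, link is dropped
console.log(renderProfileSafe('Ann & Bob', 'https://example.com/?a=1&b=2'));
```

The link case shows why the definition names both steps: the `javascript:` value contains no character that HTML encoding would change, so it has to be rejected by validation.
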

In the next post we will cover #2 on the Top 10.

DID YOU KNOW?
Shared Assessments' Application Vulnerability Assessment actually contains 11 attributes. Can you name #11?