About the author
Christian Stottmeister is a technical project manager responsible for large website setups with a personal interest in security, web technology and project management issues. Contact information and more details about Stotti can be found here.
License
This work by Christian Stottmeister is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Germany.
The origins of Cross Site Scripting
Cross Site Scripting (XSS) celebrates its 10th birthday this December. Well, it is not possible to say exactly when the first XSS hack popped up, but at least the term originates in mid-December of 1999. David Ross, security engineer at Microsoft, just shared this short anecdote and also listed the terms that were under discussion for the thing we now know as XSS:
I think I like “Fraudulent Scripting.”
Anyway, I absolutely agree with David's conclusion to his post:
Exactly, Cross Site Scripting has to vanish. Keep your code clean, validate every input and adopt common security principles!