Hands On Series | Man Vs WebApp

The “Hands on Series” continues!

Standard Podcast [ 38:10 ] Play Now | Play in Popup | Download (16190)

In this episode we start dealing with Cross Site Scripting (XSS) attacks.

CSS = Cascading Style Sheets
XSS = Cross Site Scripting

Cross Site Scripting is a technique used to add script to a trusted site that will be executed on other users browsers.
A key element to XSS is that one user can submit data to a website that will later be displayed for other users.
It is nessesary that the bad guy NOT mess up the HTML structure, otherwise the result will be web defacement rather then attacking other users.

The hackme site has been updated and improved (more about that in a moment)

and now includes a section for XSS which we will be using in this episode.

Continue reading “Hands On Series – Cross Site Scripting (XSS) Part 1” »

The start of the “Hands on Series”, which means that there are actual
hands on excersises to go along with these shows.

Standard Podcast [ 58:03 ] Play Now | Play in Popup | Download (13609)

I feel that its time to go beyond the concepts, the chatter about what bad guys can do,
and actually show you directly. Let you see for yourself the saying goes.

I recommend that you listen to these episodes while viewing the hacking test site and
have the show notes visible and ready to cut and paste from.

http://hackme.ntobjectives.com/- The new site setup for you to practice web app hacking.Includes detailed notes and samples that can be used to practice with.
Web App Hacking Toolkit – Collection of tools and links helpful for web security.
Jonathan Coulton’s Things a Week – Where the Code Monkey song came from.

Continue reading “Hands On Series – SQL Injection Part 1” »