XSS Filter

Defending Websites from XSS attacks with ModSecurity 2.7.3 and OWASP Core Rule Set 2.2.7

Even though cross-site scripting vulnerabilities have a 15-year history, they remain a big problem in the web security space. According to our research, there are hundreds of new issues discovered each month, and at least a few of them are being used in high-severity attacks. The general problem of cross-site scripting has no easy solution. …

Defending Websites from XSS attacks with ModSecurity 2.7.3 and OWASP Core Rule Set 2.2.7 Read More »

Sharepoint XSS issue

Today we released Security Advisory 983438 informing customers of a cross-site scripting (XSS) vulnerability in SharePoint Server 2007 and SharePoint Services 3.0.  Here we would like to give further technical information about this vulnerability. What is the attack vector? The advisory states that the vulnerability could allow Elevation of Privilege (EoP) within the SharePoint site …

Sharepoint XSS issue Read More »

IE 8 XSS Filter Architecture / Implementation

Recently we announced the Internet Explorer 8 XSS Filter and talked a bit about its design philosophy. This post will describe the filter’s architecture and implementation in more detail. Design Goals The Internet Explorer 8 XSS Filter is intended to mitigate reflected / “Type-1” XSS vulnerabilities in a way that does not “break the web.” …

IE 8 XSS Filter Architecture / Implementation Read More »

The IE8 XSS Filter

Hello, our team and IE have recently collaborated on a new IE8 feature that was announced today – the XSS Filter.  Check it out here: http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx This effort demonstrates our commitment to helping our product teams benefit from the knowledge we have gained while defending our products from attack.  Stay tuned to our blog for more stories like this in weeks to …

The IE8 XSS Filter Read More »