XeeK, framework d’exploitation pour XSS
La faille XSS, ou Cross-Site Scripting, est certainement la plus répandue sur le Web. Tous les débutants dans le domaine de la sécurité informatique ou du hacking la connaissent et savent comment voler un cookie ou afficher un message d’erreur,...

Internet banking po slovensky
Ak ste sa stali obeťou zlodeja a prišli ste o peniaze z vášho účtu, pravdepodobne ste už prešli kolotočom problémov, ktoré vás stretnú pri snahe o získanie odcudzených prostriedkov. Často krát sa však k nim dostať nepodarí. Banky rady...

Validating Untrusted String Inputs
Subscribe To Our Feed | Follow Us On Twitter----Alright!! In my last post about untrusted inputs, we talked about validating the data of the “integer” input parameters, checking the out parameters et cetera.This time, we’ll talk about other types...

OWASP - Open web application security Project
Open web application security Project

google-caja - Google Code
"Caja (pronounced "KA-ha") is "virtual iframes": it allows you to put untrusted third-party HTML and JavaScript inline in your page and still be secure"

ESET NOD32 台灣官方網站存在XSS安全漏洞
ESET NOD32 台灣官方網站存在XSS (Cross-Site Scripting) 安全漏洞 (ESET NOD32 香港官方網站存在XSS安全漏洞也尚未修復 )。跨站腳本攻擊(XSS)：駭客利用網站上允許使用者輸入...

Security Compass - Application Security
Exploit-Me is a suite of Firefox web application security testing tools designed to be lightweight and easy to use.

anehta - Google Code
"anehta" is a php/javascript based platform to make XSS or other web attacks much easier. It contains a javascript framework which have many attack APIs to help writing XSS payloads. It also supply better UI and more complex hosts management.

Preventing CSRF and XSRF Attacks
"When a user visits a site, the site should generate a (cryptographically strong) pseudorandom value and set it as a cookie on the user’s machine. The site should require every form submission to include this pseudorandom value as a form value and...