Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

7/31/2007
02:29 AM
50%
50%

XSS Book Published

WhiteHat Security announced the availability of Jeremiah Grossman's book - Cross-Site Scripting Attacks: XSS Exploits and Attacks

LAS VEGAS -- WhiteHat Security today announced the availability of Jeremiah Grossman’s book – Cross-Site Scripting Attacks: XSS Exploits and Attacks. The book offers a detailed definition of the attack, how it is executed and defensive measures available to address the most prevalent website vulnerability today – XSS. Grossman has teamed up with respected industry experts Seth Fogie, Robert Hansen, Anton Rager and Petko D. Petkov to provide an all-encompassing view of this attack and how it can be prevented effectively.

The book discusses the concepts, methodology, and technology that make XSS a significant concern. How significant? As recently as April 2007, WhiteHat Security’s Website Security Statistics Report demonstrated that XSS is the most common attack today, affecting eight out of 10 websites. The authors explore various types of XSS attacks, how they are implemented, used, and abused. Real-world examples of XSS malware show how it is a dangerous risk that exposes Internet users to remote access, sensitive data theft, and monetary losses. The book closes by examining the ways developers can guard against XSS vulnerabilities in their web applications, and how users can avoid becoming victims.

The authors are undisputed industry experts who provide a real-world glimpse into XSS. Readers are exposed to independent, bleeding-edge research, code listings and exploits that can not be found anywhere else. Grossman and Hansen will be holding a book signing to promote the new release during this year’s Black Hat Briefings in Las Vegas on August 1st at 12:30 p.m. at the BreakPoint Bookstore near the Black Hat registration booth. The signing is immediately following Grossman’s highly anticipated presentation, “Hacking Intranet Websites from the Outside (Take 2) - Fun with and without JavaScript malware,” on Wednesday August 1st from 11:15 – 12:30 p.m.

“The prevalence of XSS has a serious affect on website security; this book provides a much needed deep technical look into a very dangerous attack,” said Grossman. “I’m thrilled to have had the opportunity to work along side such stellar subject matter experts and hope this book continues the ongoing industry dialogue regarding vulnerabilities and remediation.”

WhiteHat Security

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: The old using of sock puppets for Shoulder Surfing technique. 
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17513
PUBLISHED: 2019-10-18
An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur.
CVE-2019-8216
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
CVE-2019-8217
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-8218
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
CVE-2019-8219
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .