AJAX code loaded in the browser can have entry points to XSS, and it is the job of the security analyst to identify these entry points. It is difficult to decisively conclude that possible entry points to an application can be exploited. One may need to do a trace or debug to measure the ri...

Feb. 19, 2007 04:00 AM EST Reads: 3,953







Shreeraj Shah is the founder of Net Square and leads Net Square's consulting, training and R&D activities. He is also the co-author of 'Web Hacking: Attacks and Defense,' published by Addison Wesley. He has published several advisories, tools, and white papers as a researcher, and has presented at conferences including HackInTheBox, RSA, Blackhat, OSCON, Bellua, Syscan, CII, NASSCOM, etc. He worked with Foundstone, Chase Manhattan Bank and IBM in the security space and was instrumental in product development, researching new methodologies and training designs. He has performed several security consulting assignments in the area of penetration testing, code reviews, web application assessments and security architecture reviews. He blogs at http://shreeraj.blogspot.com/.























