XSS Cross Site Scripting Resources

I have been ignoring the details of web security in my introductory web class, partly because we cover so much (HTML, CSS, JavaScript, SQL, Python) that there is really no time left for it, and partly because I've been too busy to put together slides for it.

With the prevalence of XSS (Cross Site Scripting) hacks, it looks like this year I will be spending at least a few slides on security.

Some resources:

An informative post on Slashdot outlined a few points to consider when designing a site to be robust against XSS (I've highlighted his points, but the words are mostly his):

by Fireflymantis (670938) on Friday June 15, @04:21AM (#19516455)

  • Are you making sure, without fail, that if a user changes view.php?id=32 to view.php?id=33 they are not getting access to content they shouldn't be?
  • What about cookies? Assuming the malicious user can (and will) build cookies of their choosing and content, are you making sure that this cannot somehow be used to hijack another user's account?
  • Are you 100% certain that every time you read get/post/put data it has been marked as tainted, validated, and only after it has made it through some very harsh sanity checks is it allowed anywhere /close/ to a DB insert/query?
  • It gets even more muddled in the world of XmlHttpRequests, when you have to validate against a plethora of other constraints.
  • Simply checking form data is almost 99% of the time not enough. For a non-trivial web app, even the above is not easy to do unless you pay attention to it every step of development. And even if you do that, you will probably miss something.
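Two of the points above, the id-swap check and treating request data as tainted before it reaches the database or the page, in a minimal Python request handler. This is an added example, not code from the original post or the Slashdot comment; the record store, the user names and the function names are constructed for illustration.

```python
import html
import re
from typing import Optional

# Constructed sample store: record id -> (owner, body). Record 33 carries a
# harmless script tag so the two renderers can be compared on the same input.
RECORDS = {
    32: ("alice", "Hello from Alice"),
    33: ("bob", "<script>alert(1)</script>"),
}

# The ?id= value is tainted input: accept only a short run of digits.
ID_RE = re.compile(r"[0-9]{1,9}")


def parse_id(raw: str) -> Optional[int]:
    """Validate the query-string id before anything else touches it."""
    if ID_RE.fullmatch(raw) is None:
        return None
    return int(raw)


def render_vulnerable(query_id: str, current_user: str) -> str:
    """The view.php?id=33 problem: no ownership check, and the stored body is
    concatenated straight into HTML, so a stored script runs in the viewer's
    browser and any user can read any record just by changing the number."""
    rec = RECORDS[int(query_id)]
    return "<h1>Note</h1><p>" + rec[1] + "</p>"


def render_hardened(query_id: str, current_user: str) -> str:
    """Validate the id, check that the record belongs to the requesting user,
    and HTML-escape the body when it is placed in an HTML text context."""
    rid = parse_id(query_id)
    if rid is None:
        return "400 Bad Request"
    rec = RECORDS.get(rid)
    # Same response whether the id is missing or owned by someone else, so the
    # id space cannot be probed for which records exist.
    if rec is None or rec[0] != current_user:
        return "404 Not Found"
    return "<h1>Note</h1><p>" + html.escape(rec[1]) + "</p>"
```

html.escape() is the right encoding only for text between tags; a value dropped into an attribute, a URL or a script block needs the encoding for that context instead.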
