Security Basics mailing list archives

Re: XSS vulnerability


From: "Albert R. Campa" <abcampa () gmail com>
Date: Fri, 14 Dec 2007 12:30:06 -0600

You can install a host-based IPS, or if your network is capable, some
type of network IDS/IPS would be good to place in front of the web
server.

Also, coordinating a web application vulnerability scan would be a good
idea, so you can pass the results to the developers and they can see what
they need to fix.

Regards

Albert

On Dec 13, 2007 8:54 PM, Heng Kuo Kuang Kelvin  NCS <kuokuang () ncs com sg> wrote:
Hi,
I tried to google for XSS vulnerability, how to hack, how to prevent,
etc. However, I have no meaningful information to work with.

Actually, I am supposed to address some XSS vulnerabilities in some of the
in-house applications developed by a 3rd-party vendor. My web server is
already patched to its latest version; however, the coding in the
application is subject to XSS vulnerabilities. I would like to do
something about it rather than waiting for the application developer to
rewrite the application.

Can anyone of you help me by giving me some guidance?

1) What kind of pattern will I be able to pick up from my web server
logs to show that there are XSS attacks against my web server?
2) How can I prevent XSS from attacking my web servers [Apache, Sun One,
IIS 5 & 6] without having to change the application coding?
3) How can I test for XSS vulnerability on my web servers?

Any information will be greatly appreciated.

Thanks in advance

Regards,
Kelvin Heng
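
An added example, not part of the original thread: one way to approach question 1 for reflected XSS is to URL-decode each request URI in the access log (repeatedly, to undo double encoding) and match it against a few markup signatures. The log lines, paths, addresses and signature set below are constructed for illustration, and an Apache common/combined log format is assumed.

```python
import re
from urllib.parse import unquote_plus

# Request line inside an access log entry: "METHOD URI PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT) (\S+) HTTP/[\d.]+"')

# Markup that should not appear in a normal query string (illustrative, not exhaustive)
SIGNATURES = {
    "script-tag": re.compile(r"<\s*/?\s*script\b", re.I),
    "event-handler": re.compile(r"<[^>]*\bon\w+\s*=", re.I),
    "javascript-uri": re.compile(r"javascript\s*:", re.I),
    "html-tag-injection": re.compile(r"<\s*(?:img|iframe|svg|object|embed|body)\b", re.I),
}

def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input (%253C) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return the sorted names of signatures matched by the request URI in one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    uri = fully_decode(m.group(1))
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(uri))

# Constructed sample log lines (documentation IP ranges, hypothetical paths)
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Dec/2007:20:01:11 +0800] "GET /app/search.jsp?q=invoice+2007 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [13/Dec/2007:20:03:42 +0800] "GET /app/search.jsp?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4831',
    '198.51.100.7 - - [13/Dec/2007:20:03:50 +0800] "GET /app/view.jsp?name=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 4790',
    '203.0.113.5 - - [13/Dec/2007:20:05:02 +0800] "GET /app/go.jsp?url=javascript:alert(1) HTTP/1.1" 302 0',
]

def scan_log(lines):
    """Map line index -> matched signature names, for lines with at least one hit."""
    return {i: hits for i, line in enumerate(lines) if (hits := scan_line(line))}

if __name__ == "__main__":
    for idx, hits in scan_log(SAMPLE_LOG).items():
        print(idx, hits, SAMPLE_LOG[idx].split('"')[1])
```

Default access logs record the request URI but not POST bodies, so this only surfaces attempts carried in the URL. A hit shows that markup was submitted, not that the application reflected it unescaped.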


