WebApp Sec mailing list archives
XSS & SQL injection "determining false positives"
From: "mike king" <ngiles () hushmail com>
Date: Thu, 13 Oct 2005 08:26:48 -0700

List,

I would be very interested in hearing some methodologies on dealing with XSS and SQL vulnerabilities when determining false positives. The way I am to understand this topic of "XSS attacks" is that different languages can affect the way you would determine the false positive or real finding. If anyone would not mind talking about output validations or has any links that are worth reading.

Thanks
G.