WebApp Sec mailing list archives

XSS & SQL injection "determining false positives"


From: "mike king" <ngiles () hushmail com>
Date: Thu, 13 Oct 2005 08:26:48 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

List,

I would be very interested in hearing some methodologies on dealing
with XSS and SQL vulnerabilities when determining false positives.
The way I am to understand this topic of "XSS attacks" is that
different languages can affect the way you would determine the
false positive or real finding.

If anyone would not mind talking about output validations or has
any links that are worth reading.

Thanks G.

-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkNOfNAACgkQUjm7xSZSd8FO8QCfVkfb9dNEx9lcOQ46hGLj/2RTlhQA
n2vYQeEl1GgyhmDZnrcmpaf1Bzkv
=3mKx
-----END PGP SIGNATURE-----


