I agree it's a web application problem, but if there are proactive steps that the maker of the most widely used web browser in the world can take to warn about and prevent the most common web application attacks via the browser, it's a good start. But I agree there are always going to be ways around the filter (CSRF, clickjacking, and whatever else is coming down the line in web application security issues).
While designing with OWASP in mind is a great idea, in practice probably a lot of sites and developers are falling really, really short of any of these design goals.

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP,Security+,Network+,CCA
Phone: 401-639-3505

________________________________

From: Ken Schaefer [mailto:[EMAIL PROTECTED]
Sent: Monday, October 06, 2008 7:01 PM
To: NT System Admin Issues
Subject: RE: New XSS protection in IE 8.0, maybe M$ is starting to get it

Why is this Microsoft's problem? Cross-site scripting is really a web application problem. Filtering (like trying to filter out SQL Injection) is a losing proposition - people will find ways around the filter.

Cheers
Ken

From: Ziots, Edward [mailto:[EMAIL PROTECTED]
Sent: Monday, 6 October 2008 11:33 PM
To: NT System Admin Issues
Subject: New XSS protection in IE 8.0, maybe M$ is starting to get it

http://blogs.technet.com/swi/

Promising technology; they need to add more into this filter because XSS isn't the only thing out there that needs to be checked.

Z
