For XSS, I'd highly recommend OWASP's XSS Prevention Cheat Sheet:
https://www.owasp.org/index.php/XSS_Prevention_Cheatsheet

and, in general, the entire OWASP Cheat Sheet series is developer-focused
and aimed at fixing (or not making in the first place) many different
security vulnerabilities:
https://www.owasp.org/index.php/Cheat_Sheets

Enjoy!

-- 
Matt Tesauro
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site
OWASP OpenStack Security Project Lead
https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project


On Fri, Mar 8, 2013 at 12:29 PM, Roman Zavolly <[email protected]> wrote:

> Hello Andres,
>
> My W3AF scans have found XSS vulnerability on a few Web servers.  However,
> after searching online and on
> http://sourceforge.net/mailarchive/forum.php?forum_name=w3af-users&source=navbar
> I can't find any clear cut explanation of what fix to implement to counter
> the discovered vulnerability.  In the past I had to run typical google
> searches on how to tackle each issue but I was hoping that maybe by now
> there may be something like a "vulnerability/proposed solution" guide
> somewhere that I can reference?
>
> If there isn't a guide could you help me understand how to deal with the
> following security hole?
>
> Here are some excerpts from the post scan logs:
>
> ----------------------------------------------------------------------
> [Thu 07 Mar 2013 01:41:02 PM EST] The following scripts allow an attacker
> to send POST data as query string data (this makes XSRF easier to exploit):
> [Thu 07 Mar 2013 01:41:02 PM EST] - The URL: http://xx.xx.xx.xx/login.aspx is
> vulnerable to cross-site request forgery. It allows the attacker to
> exchange the method from POST to GET when sendin data to the server.
> ----------------------------------------------------------------------
> [Thu 07 Mar 2013 01:34:58 PM EST - information] Found 2 URLs and 5
> different points of injection.
> [Thu 07 Mar 2013 01:34:58 PM EST - information] The list of URLs is:
> [Thu 07 Mar 2013 01:34:58 PM EST - information] - http://xx.xx.xx.xx/
> [Thu 07 Mar 2013 01:34:58 PM EST - information] - http://xx.xx.xx.xx/login.aspx
> [Thu 07 Mar 2013 01:34:58 PM EST - information] The list of fuzzable
> requests is:
> [Thu 07 Mar 2013 01:34:58 PM EST - information] - http://xx.xx.xx.xx/ |
> Method: GET
> [Thu 07 Mar 2013 01:34:58 PM EST - information] - http://xx.xx.xx.xx/login.aspx
> | Method: POST | Parameters: (__VIEWSTATE="/wEPDwUJMz...",
> __EVENTVALIDATION="/wEWBwLd7t...", txtUserName="", txtPassword="",
> chkRememberMe="", chkTestBandwidth="", hidBrowserDimensions="")
> [Thu 07 Mar 2013 01:34:58 PM EST - information] - http://xx.xx.xx.xx/login.aspx
> | Method: POST | Parameters: (__VIEWSTATE="/wEPDwUJMz...",
> __EVENTVALIDATION="/wEWBwLd7t...", txtUserName="", txtPassword="",
> chkRememberMe="", hidBrowserDimensions="")
> [Thu 07 Mar 2013 01:34:58 PM EST - information] - http://xx.xx.xx.xx/login.aspx
> | Method: POST | Parameters: (__VIEWSTATE="/wEPDwUJMz...",
> __EVENTVALIDATION="/wEWBwLd7t...", txtUserName="", txtPassword="",
> chkTestBandwidth="", hidBrowserDimensions="")
> [Thu 07 Mar 2013 01:34:58 PM EST - information] - http://xx.xx.xx.xx/login.aspx
> | Method: POST | Parameters: (__VIEWSTATE="/wEPDwUJMz...",
> __EVENTVALIDATION="/wEWBwLd7t...", txtUserName="", txtPassword="",
> hidBrowserDimensions="")
> ----------------------------------------------------------------------
>
> Any help and guidance will be much appreciated!
>
> Thanks in advance,
>
> Roman Zavolly
>
> Systems Engineer
>
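The first finding in Roman's log ("allows the attacker to exchange the method from POST to GET") is worth a worked illustration, because the fix is not obvious from the one-line message. What follows is an added example, not w3af's code and not the poster's login.aspx: two stand-in login handlers, a simplified version of the scanner's method-swap check, and the login-CSRF attack the finding enables. The account names, passwords, the session layout and the field name __RequestVerificationToken are all constructed for the example; only txtUserName and txtPassword come from the log.

```python
"""Added example (not w3af code and not the poster's application): what the
"POST data accepted as query string" finding on login.aspx means, why it
makes CSRF easier, and the fix. Users, tokens and requests are constructed."""
import hmac
import secrets
from urllib.parse import parse_qs

USERS = {"roman": "hunter2", "attacker": "pwned"}   # constructed test accounts
LOGIN_FORM = (200, "login form")                      # (status, body) of the page


def first(params, name):
    """First value of a parsed query/form field, or '' if absent."""
    return params.get(name, [""])[0]


def vulnerable_login(method, query, body, session):
    """Behaves like classic ASP.NET Request["name"], which searches
    QueryString, then Form, then Cookies and ServerVariables: the field is
    honoured whichever channel carries it, so the POST body can be replayed
    as a GET query string. The method is never checked."""
    merged = {**parse_qs(body), **parse_qs(query)}   # query string wins
    user, password = first(merged, "txtUserName"), first(merged, "txtPassword")
    if user and USERS.get(user) == password:
        session["user"] = user
        return (302, "/")
    return LOGIN_FORM


def hardened_login(method, query, body, session):
    """Fix: a GET only renders the form; only a POST is processed, only the
    body is read, and the body must carry the per-session anti-forgery
    token. The field name __RequestVerificationToken is borrowed from the
    ASP.NET anti-forgery helpers and is an assumption here."""
    if method != "POST":
        return LOGIN_FORM
    form = parse_qs(body)
    token = first(form, "__RequestVerificationToken")
    expected = session.get("csrf", "")
    # constant-time compare on bytes so a non-ASCII token cannot raise
    if not expected or not hmac.compare_digest(token.encode(), expected.encode()):
        return (403, "anti-forgery token missing or wrong")
    user, password = first(form, "txtUserName"), first(form, "txtPassword")
    if user and USERS.get(user) == password:
        session["user"] = user
        return (302, "/")
    return LOGIN_FORM


def new_session():
    """Fresh server-side session with a random anti-forgery token."""
    return {"csrf": secrets.token_urlsafe(32)}


def accepts_post_as_get(handler, body):
    """Simplified form of the scanner's check: send the form as a POST, then
    replay the same fields as a GET query string, and flag the script when
    the two responses are identical."""
    post_response = handler("POST", "", body, new_session())
    get_response = handler("GET", body, "", new_session())
    return post_response == get_response


def login_csrf(handler, victim_session):
    """Why the finding matters: a cross-site GET (an <img src=...> on the
    attacker's page is enough) hits login.aspx with the attacker's
    credentials in the query string. Returns who the victim's session is
    logged in as afterwards; 'attacker' means a login-CSRF succeeded."""
    handler("GET", "txtUserName=attacker&txtPassword=pwned", "", victim_session)
    return victim_session.get("user")


if __name__ == "__main__":
    creds = "txtUserName=roman&txtPassword=hunter2"
    for name, handler in (("vulnerable", vulnerable_login), ("hardened", hardened_login)):
        print(f"{name}: POST-as-GET accepted={accepts_post_as_get(handler, creds)}, "
              f"login CSRF leaves victim logged in as {login_csrf(handler, new_session())!r}")
```

Translated back to the WebForms page in the log: read credentials from Request.Form rather than Request[...] or Request.Params, only process the form on a POST/IsPostBack, and add a per-session secret that a cross-site request cannot know. __VIEWSTATE and __EVENTVALIDATION, which the scanner shows as parameters, are not that secret on their own: the classic WebForms mitigation is to set Page.ViewStateUserKey to the session identifier so that a ViewState captured by the attacker is rejected for the victim's session. None of this addresses the XSS findings, which are a separate fix (output encoding per context, as the cheat sheet Matt links describes).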
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
