SIN 2: WEB SERVER–RELATED VULNERABILITIES (XSS, XSRF, AND RESPONSE SPLITTING)

OVERVIEW OF THE SIN

When most developers think of cross-site scripting (XSS) bugs, they think of bugs in web sites that lead to attacks on client browsers, but over the last few years there has been an increase in server XSS bugs, and an alarming increase in client-side XSS issues. The latter attack form is relatively new and is the subject of the next chapter.

Since we wrote the original 19 Deadly Sins of Software Security, research by the MITRE Corporation shows that XSS bugs have overtaken the humble but common buffer overrun as the bug du jour.

We think the reason for the increase in XSS issues is many-faceted.

First, there has been an explosion in the quantity of ...
