Skip to content

Category Archives: html

Tag inspector

I’ve been trying to automate the stuff that I normally do when XSS testing to make it easier than writing custom scripts each time. This worked really well for my fuzzing script which fuzzed random characters embedded into tags to find unusual combinations of characters. I’ve done the same again but this time it inspects [...]

Posted 22 November 2007 Gareth Heyes § Security § Tag Inspector § javascript § xss Comments (8)

iframes are evil

If I was in charge of browser security I would completely remove them, they are just a bad idea, I predict a huge rise of iframe based attacks from browser exploits to CSRF. I know this won’t happen because there are too many people who use them and don’t understand the security implications.
So I [...]

Posted 09 September 2007 Gareth Heyes § Security Comments (9)