Archives for the ‘php’ Category

htmlentities is badly designed

Time and time again I’ve seen developers use htmlentities and expect it to filter variables from all XSS. This is wrong of course, because the function requires a second parameter, ENT_QUOTES, which correctly replaces quote characters. Some developers aren’t even aware that quotes can lead to XSS injection. This leads me to [...]

XCSS

I thought I’d continue the theme of experimenting with XSS and trying different things. I haven’t seen this written about anywhere, so here goes. The idea is using CSS as an XSS payload; this can be useful when filters allow some things but make it difficult to construct an attack. I’ve decided to call it [...]

CSRF browser protection

I like the topic of CSRF because it’s such a difficult problem to solve. I was thinking about ways a browser can prevent CSRF and I’ve come up with the following solutions: 1. After a domain name any image/object/frame etc. request is truncated by a user-definable setting. Limiting the amount of data an attacker [...]

Hackvertor explained

I’ve been busy…real busy on Hackvertor so I thought it might be a good idea to explain the ideas behind it. Please note Hackvertor is currently only tested under Firefox. I may support other browsers in future. What is it? It’s many things: a conversion utility, browser hacking platform, targeted fuzzing tool, XSS filter testing [...]

Hackvertor video demo

I’ve decided to create a video demo of Hackvertor to display the new features I’ve added. The tool is quite powerful now and it is even able to solve my “a bit of fun” challenge. I didn’t want to waste the bandwidth of my server because of costs, so sorry about the adverts displayed in [...]

JSCK demo update

I believe in releasing code as early as possible and often, so I’ve released another version of JSCK. The code isn’t a complete solution at the moment and is more of a proof of concept than a final version you can use on live sites, but it highlights the method well and should provide [...]

JSCK

I had a great idea to protect against CSRF: use my random JavaScript creation technique! I already knew it was possible to use it in this way but I wanted a nice solution that anyone could incorporate into their site. PHP first creates a random session key using random code blocks, then JavaScript does the [...]

Regular expression challenge

After the success of my “a bit of fun” challenge, a few people asked for some more challenges. So I was answering a question on a mailing list that I’m a member of and I thought it would be a good topic for a little challenge and help sharpen everyone’s regular expression skills. The rules [...]

New version of Hackvertor released

I’ve been busy catching up with some of the projects I’ve been working on and I’m pleased to announce a new version of Hackvertor. If you don’t know what it is, check it out. It’s a useful tool to help with conversions and pen testing server-side XSS filters. I decided to write the tool [...]

Blogsecurity

I’m pleased to announce that I have recently joined Blogsecurity which is fantastic news because I can work with some excellent people and develop free open source software which will help blogging security. WordPress Lockdown and WPIDS We’ve already been working on a security plugin for WordPress which combines my previously unreleased plugin WP Lockdown [...]