Thread: [mod-security-users] Advanced Topic of the Week: XSS Defense via Content Injection
Brought to you by:
victorhora,
zimmerletw
From: Ryan B. <RBa...@tr...> - 2010-09-28 18:25:07
|
New blog post this week to help fight XSS flaws - http://blog.modsecurity.org/2010/09/advanced-topic-of-the-week-xss-defense-via-content-injection.html I also setup a demo so you can see how it works and/or try and find evasions - http://www.modsecurity.org/demo/demo-deny-noescape.html This will most likely make it into a future version of the OWASP CRS in an experimental rules directory. Cheers, Ryan |