Sla.ckers.org
Browser security handbook.
Posted by: rvdh
Date: January 14, 2009 01:05AM

I've been reading this last night from Michal Zalewski:

http://code.google.com/p/browsersec/wiki/Part1

Excellent resource, highly recommended for anyone who wants to understand browsers a bit more in depth. Good if you need a quick brush-up on your browser knowledge. ;)

Re: Browser security handbook.
Posted by: zeno
Date: January 28, 2009 11:17AM

WASC has published similar material that maps the JavaScript event handlers to each HTML tag, for each major browser. Good for XSS testing.

The Script Mapping Project
http://www.webappsec.org/projects/scriptmapping/

Grid
http://www.webappsec.org/projects/scriptmapping/ScriptMapping_Release_26Nov2007.html

Re: Browser security handbook.
Posted by: Gareth Heyes
Date: January 28, 2009 12:33PM

There's a mistake with the keygen tag:-
<keygen name="thekey" challenge="4310527096" onchange=alert(1)>

onchange works :)

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Re: Browser security handbook.
Posted by: zeno
Date: January 28, 2009 06:55PM

Please ping Romain, the project leader (his email is on that page).

Re: Browser security handbook.
Posted by: nEUrOO
Date: January 29, 2009 11:51AM

Interesting, on my data, I have it working for Firefox2 ...

I seriously need to update this, if anyone wants to help, I'd love to/need it:)

nEUrOO -- http://rgaucher.info -- http://twitter.com/rgaucher
