

Three vulnerabilities every web application developer should know about - andreydrak
http://www.catonmat.net/blog/how-cybercriminals-steal-money/

======
technoguyrob
If you want to get more hands-on familiar with these, I used to be an
administrator at hackthissite.org. It's a site that has hacking "missions"
which let you try to get in the shoes of the cracker. It was very helpful for
me in learning about things like SQL injections and XSS.

<http://hackthissite.org>

------
sh1mmer
You should also look at the XSS cheat sheet:

<http://ha.ckers.org/xss.html>

~~~
pkrumins
Thanks for this link! I added it to the article!

------
tptacek
This post is really epsilon from linkjacking.

~~~
pkrumins
What do you mean?

~~~
tptacek
99.999% of the content of this submission is in a link from the article
submitted itself, and the article itself has only the barest familiarity with
the topic ("XSSI but no XSS?").

I'm glad it was submitted, but we should vote and comment on the Google
TechTalk itself. I just submitted it.

~~~
pkrumins
I am glad to hear your opinion.

Not everyone has an hour to watch the lecture. I have been blogging about
video lectures in this style for a while now, and I have received quite a few
emails thanking me for providing sum-ups of the videos.

I was also very surprised at the time of submission that he talked about XSSI
but did not cover XSS! Only later did I add a paragraph about XSS! Sorry about
that.

~~~
tptacek
Ok, guy with the linkjacked summary of a Google TechTalk? XSSI is XSS.

~~~
pkrumins
Oh! I was talking about static XSS then! The example Neil gave in his talk was
about dynamic XSS. I thought XSSI meant that and "XSS" meant this -
<http://www.cgisecurity.com/articles/xss-faq.shtml>

------
rw
"is a PhD from Stanford" vs. "has a PhD from Stanford"

connotations...

~~~
pkrumins
Thanks! I changed it to "has a PhD from Stanford".

------
beaudeal
I enjoyed the talk - thanks for the post!

