2010.10.04 02:54:26
Contents
Overview
What are Personas
Business Decision Maker
Architect
Developer
Tester/QA
Understanding XSS for the Business Decision Maker
Risk
Business Impact
Fixing the Code
Resources and Training for Business Decision Makers
Understanding XSS for the Architect
Identifying the Problem
Common XSS Attacks
Designing a Fix
Input Validation Rules
Output Encoding Rules
Future Design Considerations
Tools for Designing Software That Prevents XSS
Resources and Training for Architects/PMs
Understanding XSS for the Developer
Identifying XSS Exploits
Identifying Untrusted Input
Identifying Untrusted Output
Stealing Cookies and User Information
Writing Secure Code
Validating Untrusted Input
An Alternative Approach: Sanitize Untrusted Input
Validating Trusted Output
Protecting Cookies and User Information from XSS
Use ValidateRequest
Tools and Libraries
Resources and Training for Developers
Understanding XSS for the Tester/QA
Identifying Insecure Code
Map Out the Site and Its Functionality
Identify and List Out Every Point of User-Supplied Input
Start Testing and Pay Attention to the Output
Verifying Security Against XSS Attacks
Modifying Your Test Process for XSS
Tools You Can Use
Resources and Training for Testers
The Microsoft SDL and Preventing XSS
Long-Term Solutions
Conclusion
Acknowledgements

 
 




steviiy

Thank you for your file.