indiewebify-me

Indieweb comment XSS security testing utility

Open barnabywalters opened this issue 11 years ago • 3 comments

A tool could be made which, given the URL of a post, sends it a webmention with a bunch of XSS attacks in. Each attack, if successful, does a console.log call with the name of the vulnerability and a URL with instructions on how to prevent it.

barnabywalters, Jan 26 '14 16:01

XSS attack cheat sheet: https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet

barnabywalters, Jan 26 '14 16:01

Further work on actually defining XSS attacks and test documents can be found at http://indiewebcamp.com/xss

barnabywalters, Apr 14 '14 17:04

https://checkmention.appspot.com/ already implements some of this rather nicely; link to that at least as a stopgap.

barnabywalters, Apr 30 '14 14:04