My coworker Alex Ginos sent a link the other day to an XSS (cross-site scripting) cheat sheet at ha.ckers.org. This cheat sheet is amazing; it has a LOT of XSS examples and also lists the browsers that each attack is “supported” by. I thought my XSS attack list was pretty good until I saw this list. To say the least, I’ll be adding a ton more XSS attacks to my current test case repository.
ha.ckers.org is also a blog with some really great posts about hacking and security. Another interesting post that I enjoyed was “Attacking Applications Via XSS Proxies”. Subscribe to this blog; these guys are freakin’ smart.