.NETIDS can detect fragmented XSS
Article written by martin
Just a quick note to say that some additional functionality has been bundled in before the (impending) release of .NETIDS 0.1: page output detection. This adds an entirely new dimension to the detection of threats as now both input and output can be monitored for unexpected malicious strings.
The whole thing is explained in more detail here, but in the mean time check out these SmokeTests:
As always please let us know if you manage to either bypass detection or trigger a false positive!
This entry was posted
on Friday, June 15th, 2007 at 5:22 pm and is filed under .NETIDS.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
