Double Encoding – One Of The Biggest Enemies While Fixing Cross-Site Scripting (XSS)

“You have X amount of Cross-Site Scripting vulnerabilities”. That is a phrase most web developers have heard at least once. But what is a Cross-Site Scripting vulnerability?

OWASP defines Cross-Site Scripting as:

“Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.”


Installing Virtual Box on Backtrack 4 R2

Lately I have had a lot of requests on how to install Sun’s Virtual Box on Backtrack 4. Virtual Box is a virtual environment similar to VMware, but it is free. Virtual Box will allow you to run other operating systems on your host. This can be useful for security because you will not harm anyone or anything while practicing.
It should be noted that adding third-party repositories to any distribution can cause problems. That being said, many of us have downloaded and installed Virtual Box using this method without any problems.

Below I will outline the few simple steps to install Virtual Box.