Friday, May 25, 2007

People know about XSS!

I travel extensively speaking to audiences about various topics within the web application security world including vulnerability assessment, intranet hacking / JavaScript Malware, statistics, Ajax, myths, best practices, etc . Almost always the content touches upon XSS. Before digging in too deeply technologically, I usually ask how many know what Cross-Site Scripting (XSS) is by show of hands. The amazing this is recently groups of developers, IT folk, infosec professionals, and even CIO/CSO execs almost always more than half the audience raises their hands! For those with 2-3 years of webappsec experience, this may not sound like a big deal, but for those that have been around since say 2002, this is huge. Way back when almost no one knew what XSS was and if they did, they didn't take it seriously. The message is certainly getting out there and knowledge of webappsec is certainly improving. And not a moment too soon. :)

No comments: