Comments on Jeremiah Grossman: HackerSafe makes not so good news, again

Anonymous (2006-11-14 06:35 -08:00):

I blogged this eons ago (that's internet eons, which is like dog eons only faster).
I didn't bother looking for XSS at the time, but I think the point was made.

http://n074h4x0r.blogspot.com/2005/06/errant-logos.html

- Me.
I'm not a hacker, I'm N074h4x0r.

Jeremiah Grossman (2006-11-11 16:31 -08:00):

Hi David, personally I'm never sure a website is completely free of any vulnerability. All software has bugs, we accept that. But I think the point being made here is the difference between the perceived value some security vendors are claiming vs. what is actually being delivered. I measure vulnerability assessment solutions (http://jeremiahgrossman.blogspot.com/2006/10/methodology-for-comparing-web.html) by how much more time it takes to find that one first serious issue an attacker might need. My take on Scan Alert is it's only taking the guys at sla.ckers.org a few minutes (if that) on each site they look at. Other vendors, including myself, might charge more, but you get what you pay for is the message that's coming across.

Anonymous (2006-11-11 16:12 -08:00):

Fair comments, but would either of you feel completely sure that the web applications you have tested are totally free of XSS vulnerabilities?