You can't secure what you don't acknowledge.SM

Monday, March 29, 2010

Don't forget about XSS *behind* the login prompt

Don't assume that your Web security concerns stop at the login prompt. Here's a new piece I wrote where I talk about cross-site scripting (XSS) and whether or not it matters for logged-in users:

Authenticated XSS - problem or not?

No comments:

Post a Comment