Thursday, January 10, 2008

XSS Hu la la :-)

From Mark Curphey's blog ::


From the Office of "Real World Software Security"

When a customer's development team was recently asked to use the AntiXSS library, validate input and encode output for their web interface, they replied (and I quote) “we do not use cross site scripting”.

If any customer ever asks for the single most effective thing to effect a positive change on their software security program, I always respond with education and awareness. Pound for pound, dollar for dollar, it is the most effective tool anyone has.