20 page paper covering most aspects of XSS attacks including injection points, attack scenarios, attacker motivations and techniques, code obfuscation examples and starts laying a foundation on proper filtering framework. Included in the paper is a download package of handy XSS utilities.

    Web developers spend allot of time planning out complex chains of events to make their web applications work. Within the planning and outlines, implicit control over the chain of events is often assumed. This paper is an introduction to breaking those assumptions and realizing just how vulnerable those chalk board outlines can be in the real world.

   This paper is an introduction to HTTP Auth introduced at the HTTP header level.

    This series introduces you to the Http protocol and gives you a common sense understanding of how web servers and browsers communicate. This foundation in turn takes us into the papers real focus, how and why attackers may manipulate raw http requests and the impact this has on web applications.

1. Http Header Manipulation - Overview
2. Http Headers - Cookie Manipulation
3. Http Headers - Referer Manipulation
4. Http Headers - User Agent Manipulation

    This is a basic primer on URL anatomy and why an encoding technique is necessary.

   Part of the a developers series I am writing. This article gives you a walk through of the Sleuth Browser Extensions capabilities and screenshots and gives a quick rundown on what they are capable of and how to use them to analyze a foreign web app.