I guess you all know Cross-Site Scripting attacks are becoming more and more dangerous every day. In the Web 2.0 era, stealing a user cookie\session or hijacking a user browser is almost equal to compromising his box by exploiting a remote code execution vulnerability.

Computer experts say that in the not so far future, operating systems will be no more then just a web browser, all the applications a user need will be online (take Office Online for example).
Therefor the phrase “XSS is the New Buffer Overflow, JavaScript Malware is the New Shell Code” is true, no wonder XSS made it the number one attack vector of 2006.

So it’s about time someone will publish an XSS book

XSS Attacks - Cross Site Scripting Attacks Exploits and Defense written by Jeremiah Grossman, Robert Hansen (RSnake), Petko D. Petkov (pdp), Anton Rager and Seth Fogie, is the first book ever made that is dedicated entirely to Cross-Site Scripting.

From what we can see in the preview (Chapter 5 and the Table of Contents), this book is packed with a lot of attack techniques, covers the simplest attack to the most advanced, universal cross-site scripting attacks, XSS exploitation frameworks and a lot more

For further information check out the book announcements in Jeremiah’s and RSnake’s blogs.



Good luck