XSS

Google Application Security: XSS

https://www.google.com/about/appsecurity/learning/xss/
(excellent)

OWASP XSS Resources

https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet

https://github.com/cure53/DOMPurify

http://twig.sensiolabs.org/

https://jsoup.org/cookbook/cleaning-html/whitelist-sanitizer

https://www.troyhunt.com/understanding-xss-input-sanitisation/

Example that modifies login forms
http://resources.infosecinstitute.com/deadly-consequences-xss/

List of common attack vectors
https://www.acunetix.com/websitesecurity/cross-site-scripting/

https://www.owasp.org/index.php/Testing_for_Cross_site_scripting

https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet

DOM-based XSS explained
https://brutelogic.com.br/blog/dom-based-xss-the-3-sinks/

Everything You Need to Know About Preventing Cross-Site Scripting Vulnerabilities in PHP
https://paragonie.com/blog/2015/06/preventing-xss-vulnerabilities-in-php-everything-you-need-know


A Tale of the Weaknesses of Current Client-side XSS Filtering

https://www.blackhat.com/docs/us-14/materials/us-14-Johns-Call-To-Arms-A-Tale-Of-The-Weaknesses-Of-Current-Client-Side-XSS-Filtering.pdf

http://www.securityweek.com/web-application-firewalls-tested-against-xss-attacks
