Author of the XSS Book

It is probably about time to announce that I am one of the authors of the XSS Book, RSnake talked about a month ago on his blog. The complete list of authors is: Seth Fogie, Jeremiah Grossman, Robert Hansen, Anton Rager and Petko Petkov (a.k.a me).

The book is going quite well and I hope that it will provide a good starting point for those who are interested in getting into client-side web security but don’t know much about it. The book is also designed to cover some advance topics for those who want to expand their current knowledge. I guess everybody will be happy. You can preorder it from Amazon. This is the only book on Cross-site Scripting attacks and related topics, for now, so I think that we may quickly run out of copies. I am sure that Syngress can handle it if that happens.

In the next couple of weeks I have to put a lot more afford into completing the remaining chapters, so don’t expect much of development on the GNUCITIZEN blog. Dinis Cruz is our guest blogger for this month. I am really happy about it. I am not sure what Dinis is working on but I am sure that it is something interesting.

Meanwhile, there are a lot of background stuff going on that you cannot see. Five more projects were initiated and all of them are kept underground for now. We are doing serious stuff here people! I will start working on all of them as soon as I finish my work on The XSS Book. There were some serious discussions about GNUCITIZEN future, so please give us your feedback on how you feel about the site. You can do it either by contacting us or by posting your message on the feedback topic. You can also put your comments right after this article. Thanks.

Comments

MustLive responds:

Petko!

It is good that such professional web security guys will write such interesting security book (about XSS). I wish good luck to you, and RSnake and all authors’ team and to your new book!

And I am glad that you will be the 5th author with Jeremiah, RSnake and other guys. I feel that it will be 5th author and here it is. It is good to
see you with these famous security experts in team.

You need to contact Amazon :-), and tell them to put Petko Petkov to the list of the authors, because there is no your name in the list. And it is not good. Amazon need to add Pdp to the list! Every author need a portion of attention.

Don’t forget to write about all of types of XSS in the book. Write a chapter about UXSS and a chapter about XSS on SEO (black seo) ;-). And about many other interesting things.

P.S.

You also need to attend to security of your own site. As I planning to tell you for a long time already, there are many XSS holes at your site! So wait for my detailed letter.

pdp responds:

Thanks man,

You need to contact Amazon :-), and tell them to put Petko Petkov to the list of the authors, because there is no your name in the list. And it is not good. Amazon need to add Pdp to the list! Every author need a portion of attention.

Thanks for the advise. The reason I am not there is because I was invited to join the team at much later stage. The front cover and the author bio will change as soon as we get the book on Amazon.

You also need to attend to security of your own site. As I planning to tell you for a long time already, there are many XSS holes at your site! So wait for my detailed letter.

It could be the PDF thing which I already know about or it could be something on Wordpress that I don’t know about. There is one thing that can be used for XSS, Backframe’s inline profiles, however you get warned that a profile is about to be loaded, so it is not a big deal. If it is the PDF issue, I don’t care that much. Yes, someone can get exploited on GNUCITIZEN, but that is not beneficial to anyone. If it is Wordpress, then I don’t know. I would write my own blog software
if I had the time.

DeadOnArrival responds:

Please continue to write this blog. Looking forward to your book.

MustLive responds:

Pdp, I am waiting until Amazon will update book’s front cover and author’s bio (because it will be interesting to read your bio).

You can announce at your site about this event (when the book will be out).

And about holes. I am talking about XSS vulnerabilities at your site – in WordPress (particularly). Not UXSS, but you can fix it also (and you better do).

So wait for my detailed letter with information about XSS vulnerabilities at your site.

pdp responds:

And about holes. I am talking about XSS vulnerabilities at your site – in WordPress (particularly).

Really? Wow, I will be interested to see that, not that I am surprised.

Not UXSS, but you can fix it also (and you better do).

Show me a fix and I will show you how you can still abuse this hole. I’ve played with all kinds of server side fixes for this vulnerabilities and all of them can be circumvented. So, the solution is easy, update your plugin. It is client-side issue, not server-side.

GNUCITIZEN Products

Blogsecurify is a division of GNUCITIZEN. The initiative was established to provide social media security services through our free automated testing engine. The Blogsecurify team is also engaged to deliver quality content on issues concerning social media technologies.

Netsecurify is a division of GNUCITIZEN. The initiative was established to provide network security services through our free automated testing engine. The service is still in private-beta.

Websecurify is a division of GNUCITIZEN. The initiative was established to provide a free web application security framework for automated and manual penetration testing. The service is still in private-beta.

Secapps serves as an application directory of all online tools which the GNUCITIZEN team has built over the years.

Securls serves as an information security intelligence tool, combining news and articles from the best information security resources online.

Visit the GNUCITIZEN Network for a complete listing of all GNUCITIZEN initiatives, products and partnering organizations.

GNUCITIZEN

Navigation