Author of the XSS Book

Fri, 16 Feb 2007 23:19:40 GMT
by pdp

It is probably about time to announce that I am one of the authors of the upcoming XSS Book that RSnake talked about a month ago on his blog. The complete list of authors is: Seth Fogie, Jeremiah Grossman, Robert Hansen, Anton Rager and Petko Petkov (a.k.a. me).

The book is going quite well and I hope that it will provide a good starting point for those who are interested in getting into client-side web security but don't know much about it. The book is also designed to cover some advanced topics for those who want to expand their current knowledge. I guess everybody will be happy. You can pre-order it from Amazon. This is the only book on Cross-site Scripting attacks and related topics, for now, so I hope it will be a success.

Archived Comments

MustLive
Petko! It is good that such professional web security guys will write such an interesting security book (about XSS). I wish good luck to you, and RSnake and all the authors' team and to your new book! And I am glad that you will be the 5th author with Jeremiah, RSnake and the other guys. I felt that there would be a 5th author, and here it is. It is good to see you in a team with these famous security experts. You need to contact Amazon :-), and tell them to put Petko Petkov on the list of the authors, because your name is not in the list. And it is not good. Amazon needs to add Pdp to the list! Every author needs a portion of attention. Don't forget to write about all types of XSS in the book. Write a chapter about UXSS and a chapter about XSS on SEO (black SEO) ;-). And about many other interesting things. P.S. You also need to attend to the security of your own site. As I have been planning to tell you for a long time already, there are many XSS holes at your site! So wait for my detailed letter.
pdp
Thanks man,
You need to contact Amazon :-), and tell them to put Petko Petkov on the list of the authors, because your name is not in the list. And it is not good. Amazon needs to add Pdp to the list! Every author needs a portion of attention.
Thanks for the advice. The reason I am not there is because I was invited to join the team at a much later stage. The front cover and the author bio will change as soon as we get the book on Amazon.
You also need to attend to the security of your own site. As I have been planning to tell you for a long time already, there are many XSS holes at your site! So wait for my detailed letter.
It could be the PDF thing, which I already know about, or it could be something in WordPress that I don't know about. There is one thing that can be used for XSS, Backframe's inline profiles; however, you get warned that a profile is about to be loaded, so it is not a big deal. If it is the PDF issue, I don't care that much. Yes, someone can get exploited on GNUCITIZEN, but that is not beneficial to anyone. If it is WordPress, then I don't know. I would write my own blog software if I had the time.
DeadOnArrival
Please continue to write this blog. Looking forward to your book.
MustLive
Pdp, I am waiting until Amazon updates the book's front cover and the author's bio (because it will be interesting to read your bio). You can announce this event at your site (when the book is out). And about holes. I am talking about XSS vulnerabilities at your site - in WordPress (particularly). Not UXSS, but you can fix it also (and you had better do so). So wait for my detailed letter with information about XSS vulnerabilities at your site.
pdp
And about holes. I am talking about XSS vulnerabilities at your site - in WordPress (particularly).
Really? Wow, I will be interested to see that, not that I am surprised.
Not UXSS, but you can fix it also (and you had better do so).
Show me a fix and I will show you how you can still abuse this hole. I've played with all kinds of server-side fixes for these vulnerabilities and all of them can be circumvented. So, the solution is easy: update your plugin. It is a client-side issue, not a server-side one.