Newbie How To Prevent cross-site scripting or clickjacking

Brian McKee brian.mckee at gmail.com
Tue Apr 28 01:36:39 UTC 2009


On Mon, Apr 27, 2009 at 9:00 PM, Ed <kodiack91 at yahoo.com> wrote:
> I would be grateful for any info anyone can give on how to prevent
> cross-site scripting
> or clickjacking
> what are they and what applications can be used to help prevent this!

You may find the Wikipedia articles a good starting point.
http://en.wikipedia.org/wiki/Cross-site_scripting
http://en.wikipedia.org/wiki/Clickjacking

They are broad overlapping categories without one silver bullet so to
speak, but it is helpful to sign out of sites you log into after you
are done with them (rather than just closing the window and navigating
away). I'd also recommend the NoScript Firefox plugin which can be
very powerful but somewhat user intensive - http://noscript.net

If you have questions like these, you might want to consider listening
to the Security Now podcast.  For instance, Episode #168
http://media.grc.com/sn/sn-168.mp3 was about Click Jacking.   I would
caution you to not take anything they say on that show as gospel - but
you shouldn't take anything you find anywhere (including right here)
about security as gospel without cooperation and common sense checks.

Brian




More information about the ubuntu-users mailing list