On Sun, Jan 16, 2005 at 07:37:37PM +0000, Steve Kemp wrote:
> > Sometimes when you audit web applications, the developers have never
> > heard terms like Cross-site Scripting and SQL Injection before, so you
> > might have to explain stuff to them.
>
> I tried to come up with an online demonstration of XSS attacks
> but I kinda lost interest before making it pretty:
Take a look at OWASP's WebGoat. It is pretty and shows some of the most
common web-related attacks (XSS and SQL injection included).
http://www.owasp.org/software/webgoat/screenshots.html
Regards
Javier