Real World XSS
This paper covers most aspects of XSS attacks including:
- injection points
- attack scenarios
- attacker motivations and techniques
- code obfuscation examples
- starts laying a foundation on proper filtering framework.
Some topics basic to this document are an understanding of URL structure, and some knowledge of html and JavaScript. Additionally knowledge of URL encoding, http request methods and web application technologies such as ASP, would be helpful.
Download the paper in TXT format here.