18. XSS in eXo Products
Examples of how to detect XSS vulnerabilities
19. Use case of Reflected XSS
Package: WCM 2.2.0
Attack steps: See defect description in this link https://jira.exoplatform.org/browse/ECMS-1773
Browsers: Internet Explorer 7, Firefox 3
Consequence: session hijacking & more
20. Use case of Stored XSS
Package: Social 1.2.0
Attack steps: See defect description in this link https://jira.exoplatform.org/browse/SOC-1532
Browsers: Internet Explorer 7, Firefox 3
Consequence: session hijacking & more
21. Use case of DOM-based XSS
Package: ECMS 2.3.x
Attack steps: See defect description in this link https://jira.exoplatform.org/browse/ECMS-2791
Browsers: Internet Explorer 7, Firefox 3
Consequence: session hijacking & more
22. XSS exploit based on a logic vulnerability
Package: PLF 3.5.0
Attack steps: See the defect descriptions at these links
https://jira.exoplatform.org/browse/ECMS-2723
https://jira.exoplatform.org/browse/ECMS-2736
Browsers: Internet Explorer 7, Firefox 3
Consequence: session hijacking & more
Question for listeners: what is the best solution for this situation?
23. References for audiences
1. Guideline of Secure coding standards
   http://www.oracle.com/technetwork/java/seccodeguide-139067.html#6-1
2. EXOWiki security links
   EXO-RedHat Collaboration Study: https://wiki-int.exoplatform.org/display/rhcollab/XSS
   TQA Security Test: https://wiki-int.exoplatform.org/display/TQA/SECURITY
   Deployment & Configuration rules (ITOP): https://wiki-int.exoplatform.org/display/ITOP/eXo+Applications+and+security