Re: ACTION-164 - Elaborate Cross Site Scripting in Wiki

I wrote:
>    This is a great improvement.  I've differentiated attacks send form data
> between sites from those that send script/HTML code between sites.  I think
> this helps clean the tree tremendously.

   After writing this email I learned that this distinction is also made in
wikipedia.  I've adopted their term for attacks that cause requests to be
impersonated/forged.

   <http://en.wikipedia.org/wiki/Cross-site_request_forgery>

   This is now appropriately reflected in the threat trees.

Received on Friday, 23 March 2007 18:50:44 UTC