ActiveX, Java, & Scripting
ActiveX Exploder
http://www.halcyon.com/mclain/ActiveX/
 
ActiveX - Is It Worth the Risk?
http://www.iseran.com/ActiveX/
 
ActiveX Security (Richard M. Smith) Popular!
http://www.computerbytesman.com/acctroj/index.htm
 
ActiveX Viruses
http://www.cantrip.org/javirus.html
 
Are Microsoft ActiveX Controls Dangerous?
http://www.theregister.co.uk/content/4/15796.html
 
Browser Crashes (Richard M. Smith) Popular!
http://www.computerbytesman.com/security/crashes/index.htm
 
CERT
  • FAQ's About Malicious Web Scripts Redirected by Web Sites
    http://www.cert.org/tech_tips/malicious_code_FAQ.html
  • Malicious HTML Tags Embedded in Client Web Requests
    http://www.cert.org/advisories/CA-2000-02.html
  • Results of the Security in ActiveX Workshop
    http://www.cert.org/reports/activeX_report.pdf (PDF document)
    •  
    comp.lang.java FAQ
    http://www.ibiblio.org/javafaq/javafaq.html
     
    Cookie Central - Javascript Cookie Demos
    http://www.cookiecentral.com/content.phtml?area=2&id=7
     
    The Cross Site Scripting FAQ
    http://www.cgisecurity.com/articles/xss-faq.shtml
     
    Executing Arbitrary Commands Using ActiveX
    http://edensoft.com/exploit.html
     
    Georgi Guninski's Home Page Popular!
    http://www.nat.bg/~joro/index.html
    & http://www.guninski.com/
     
    GreyMagic - Internet Explorer Advisories Popular!
    http://sec.greymagic.com/adv/
     
    Hostile Applets
    http://www.cigital.com/hostile-applets/
     
    HostileCode.com
    http://www.hostile-code.com/
     
    iDEFENSE - Evolution of Cross-Site Scripting Attacks
    http://www.idefense.com/XSS.html
     
    IE Hacking Kit
    http://valgasu.rstack.org/
     
    Indiana University Knowledge Base
  • What is ActiveX?
    http://kb.indiana.edu/data/afoi.html
  • What are ActiveX Controls?
    http://kb.indiana.edu/data/afqb.html
  • What is Java?
    http://kb.indiana.edu/data/acwo.html
  • What are JavaBeans?
    http://kb.indiana.edu/data/aeuj.html
  • What is JavaScript?
    http://kb.indiana.edu/data/adtz.html
    •  
    Jason Levine's Browser Security Tests Popular!
    http://www.jasons-toolbox.com/BrowserSecurity/
     
    Jason Levine's IE Vulnerability Tests Popular!
    http://www.jasons-toolbox.com/jlevine/ievulntest.html
     
    The JavaScript Resource
    http://www.serve.com/hotsyte/
     
    Java Security Hotlist - Hostile Applets
    http://www.cigital.com/javasecurity/applets.html
     
    Microsoft
  • ActiveX
    http://www.microsoft.com/com/tech/ActiveX.asp
  • IE4 Resource Kit - ActiveX
    http://www.microsoft.com/technet/archive/ie/reskit/...
  • IE4 Resource Kit - Active Scripting
    http://www.microsoft.com/technet/archive/ie/reskit/..
  • IE4 Resource Kit - Java
    http://www.microsoft.com/technet/archive/ie/reskit/...
  • IE4 Resource Kit - Trust-based Security for Java
    http://www.microsoft.com/technet/archive/ie/reskit/...
  • IE5 Resource Kit - Security Zones & Permission-Based Security for MS Virtual Machine
    http://www.microsoft.com/technet/prodtechnol/ie/reskit/...
  • IE6 Resource Kit - Permission Based Security for Microsoft Virtual Machine
    http://www.microsoft.com/technet/prodtechnol/ie/reskit/...
  • Q240797 - How to Stop an ActiveX Control from Running in Internet Explorer
    http://support.microsoft.com/default.aspx?scid=kb;en-us;q240797
    •  
    Nasty JavaScript Tricks
    http://www.datenwerk.ch/
     
    NIST - Guidelines on Active Content & Mobile Code
    http://csrc.nist.gov/publications/nistpubs/index.html
    or http://csrc.nist.gov/publications/nistpubs/800-28/sp800-28.pdf (PDF document)
     
    Online Security & Privacy Tests - Active Content Tests
    CLICK HERE
     
    Pivx.com - Unpatched IE Security Holes Popular!
    http://www.pivx.com/larholm/
    or http://glaringdream.org/mirror/ie-vulnerabilities.html
    or http://www.safecenter.net/UMBRELLAWEBV4/ie_unpatched/index.html
    or http://continue.to/trie
     
    Secure Internet Programming (MIT)
    http://www.cs.princeton.edu/sip/projects/index.php3
     
    Stupid Java Security Tricks
    http://www.uncle.com/emailgrab.html
     
    Sun - Java Security FAQ
    http://java.sun.com/sfaq/
     
    TINY Software - ActiveX Example
    http://www.tinysoftware.com/home/tiny2?pg=activex
     
     
    Using Back Button in IE is Dangerous
    http://www.securityfocus.com/archive/1/267561
     
    Using Back Button in IE is Dangerous (demo)
    http://www.eg.bucknell.edu/~ekrout/IE_Hack.html
     
    Weaknesses in ActiveX
    http://www.thur.de/~steffen/activex/index_e.html
     
    Whirly Wiry Web - Launch-in-IE
    http://www.whirlywiryweb.com/q/launchinie.asp
     
    WSHOM.OCX Exploit Test Page
    http://www.nsclean.com/axtest.htm
    • Entries that are marked Popular! indicate web sites that are popularly recommended by other users, not necessarily the author of this web site. The author of this web site does not endorse or recommend web sites or services unless explicitly noted.

    Home [frames]          Home [no frames]

    © 2000-2003 Eric L. Howes