« Google releases Chrome Web browser | Main | WASC Announcement: 2007 Web Application Security Statistics Published »

How To: Detect Cross Site Scripting Vulnerabilities using XSSDetect

"Last time we saw how to fix a cross site scripting (XSS) vulnerability. This time we look at how we can detect cross site scripting vulnerabilities using automated tools. Being the most common vulnerability found in web applications, it is very important to detect and mitigate XSS vulnerabilities early in development cycle. Arming developers with the right tools to develop application security is a big problem in every enterprise. Here at Microsoft, we have developed a static  analysis tool specifically aimed at developers to detect cross site scripting. It was released a while ago as Microsoft XSSDetect. "

Read more: http://blogs.msdn.com/cisg/archive/2008/09/01/how-to-detect-cross-site-scripting-vulnerabilities-using-xssdetect.aspx


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!

System Requirements
Supported Operating Systems: Windows Vista; Windows XP
Microsoft Visual Studio 2005
Microsoft .NET Framework Version 2.0
Microsoft Visual Studio 2005 is needed for this tool? Hey, WTF? May be it is needed MS SQL server, too? =)

Hate MS all you want but they are one of a few organizations in a position to make real 'industry' change with their bank account and resources. The fact that Microsoft is taking the initiative is a good thing even if only in their technologies.

Other technologies such as php are open source and there is nothing stopping the community from building these tools for them/better tools.