How To: Detect Cross Site Scripting Vulnerabilities using XSSDetect
"Last time we saw how to fix a cross site scripting (XSS) vulnerability. This time we look at how we can detect cross site scripting vulnerabilities using automated tools. Being the most common vulnerability found in web applications, it is very important to detect and mitigate XSS vulnerabilities early in development cycle. Arming developers with the right tools to develop application security is a big problem in every enterprise. Here at Microsoft, we have developed a static analysis tool specifically aimed at developers to detect cross site scripting. It was released a while ago as Microsoft XSSDetect. "
System Requirements
Supported Operating Systems: Windows Vista; Windows XP
Microsoft Visual Studio 2005
Microsoft .NET Framework Version 2.0
--------
Microsoft Visual Studio 2005 is needed for this tool? Hey, WTF? May be it is needed MS SQL server, too? =)
Posted by: Pento | Sep 3, 2008 11:50:29 AM
Hate MS all you want but they are one of a few organizations in a position to make real 'industry' change with their bank account and resources. The fact that Microsoft is taking the initiative is a good thing even if only in their technologies.
Other technologies such as php are open source and there is nothing stopping the community from building these tools for them/better tools.
Posted by: Robert | Sep 3, 2008 1:05:47 PM