Microsoft Switzerland Security Blog

Security information brought to you by the Swiss Security Team.

XSSDetect - Code Analysis Tool


One of the biggest and most persistent problems we have seen our enterprise customers deal with, and one we here at Microsoft also have to contend with, is the XSS (Cross-Site Scripting) bug. It is very common and, unfortunately, still an issue in many web applications. Internally, the ACE Team has been working on several projects to help mitigate and fix these issues, and to detect them in the code bases we review so that they can be fixed before going live.
http://blogs.msdn.com/ace_team/archive/2007/10/22/xssdetect-public-beta-now-available.aspx
and some more technical details:
http://blogs.msdn.com/hackers/archive/2007/10/23/some-technical-details-on-how-xssdetect-does-dataflow-analysis.aspx

Details / software/tool download:

XSSDetect is a static code analysis tool that helps identify Cross-Site Scripting security flaws found within Web applications. It is able to scan compiled managed assemblies (C#, Visual Basic .NET, J#) and analyze dataflow paths from sources of user-controlled input to vulnerable outputs. It also detects whether proper encoding or filtering has been applied to the data and will ignore such "sanitized" paths.

http://www.microsoft.com/downloads/details.aspx?FamilyID=19A9E348-BDB9-45B3-A1B7-44CCDCB7CFBE&displaylang=en
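
The source-to-sink dataflow idea described above, as an added example that is not part of the original post and is not XSSDetect's own code or algorithm. It tracks taint through a constructed list of straight-line statements, assuming `Request.QueryString`/`Request.Form` as sources, `Response.Write` as the sink and `HttpUtility.HtmlEncode` as the sanitizer; the statement tuple format and `find_xss_paths` are hypothetical names chosen for illustration.

```python
# Illustrative taint tracking over straight-line code (not XSSDetect's algorithm).
SOURCES = {"Request.QueryString", "Request.Form"}   # user-controlled input
SINKS = {"Response.Write"}                          # output rendered as HTML
SANITIZERS = {"HttpUtility.HtmlEncode"}             # encoding clears taint

# Constructed sample: each statement is (destination or None, callee, arguments).
SAMPLE = [
    ("name", "Request.QueryString", ['"name"']),     # 1: tainted source
    ("safe", "HttpUtility.HtmlEncode", ["name"]),    # 2: encoded copy
    ("msg", "String.Concat", ['"Hello "', "name"]),  # 3: taint propagates
    (None, "Response.Write", ["msg"]),               # 4: unencoded -> finding
    (None, "Response.Write", ["safe"]),              # 5: sanitized path, ignored
    ("name", "HttpUtility.HtmlEncode", ["name"]),    # 6: reassignment clears taint
    (None, "Response.Write", ["name"]),              # 7: now clean
]

def find_xss_paths(statements):
    """Return [(line, sink, path)] where tainted data reaches a sink unencoded."""
    taint = {}      # variable name -> list of steps from the source to this value
    findings = []
    for line, (dst, func, args) in enumerate(statements, start=1):
        # Path carried by the first tainted argument, if any argument is tainted.
        incoming = next((taint[a] for a in args if a in taint), None)
        if func in SOURCES:
            path = [f"{line}: {func}"]               # a new taint path starts here
        elif func in SANITIZERS or incoming is None:
            path = None                              # result is considered clean
        else:
            path = incoming + [f"{line}: {func}"]    # result inherits the taint
        if func in SINKS and path is not None:
            findings.append((line, func, path))
        if dst is not None:
            if path is None:
                taint.pop(dst, None)                 # overwritten with clean data
            else:
                taint[dst] = path
    return findings

if __name__ == "__main__":
    for line, sink, path in find_xss_paths(SAMPLE):
        print(f"line {line}: tainted data reaches {sink} via " + " -> ".join(path))
```

This sketch handles only straight-line statements in order; it does not model branches, loops or calls into other methods.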

Urs

Comments
  • PingBack from http://tool.wpbloggers.com/?p=65

  • Just found the following list on the internet: 1. Cross site scripting (XSS) 2. Injection flaws 3. Malicious
