One of the biggest, constant problems we've seen our enterprise customers deal with and we here at Microsoft have to also contend with is that of the XSS (Cross Site Scripting) bug. It's very common and unfortunately, still an issue we have to deal with in many web applications. Internally, the ACE Team has been working on several projects to help mitigate and fix these issues, as well as detect them in the code bases that we review so that they can be fixed before going live.http://blogs.msdn.com/ace_team/archive/2007/10/22/xssdetect-public-beta-now-available.aspxand some more technical details:http://blogs.msdn.com/hackers/archive/2007/10/23/some-technical-details-on-how-xssdetect-does-dataflow-analysis.aspx
Details / software/tool download:
XSSDetect is a static code analysis tool that helps identify Cross-Site Scripting security flaws found within Web applications. It is able to scan compiled managed assemblies (C#, Visual Basic .NET, J#) and analyze dataflow paths from sources of user-controlled input to vulnerable outputs. It also detects whether proper encoding or filtering has been applied to the data and will ignore such "sanitized" paths.
PingBack from http://tool.wpbloggers.com/?p=65
Just found the following list on the internet: 1. Cross site scripting (XSS) 2. Injection flaws 3. Malicious