XSSDetect is a VisualStudio plugin designed to detect XSS vulnerabilities in managed code which is very common and unfortunately, still an issue that have to deal with in many web applications.
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. (Cross-site scripting was originally referred to as CSS)
XSSDetect is a stripped down version of enterprise ready Code Analysis Tool for .NET code bases (CAT.NET for short). CAT.NET adds such features as VSTF integration, centralized reporting using web services, customized rulesets and filters, integration with FXCop and MSBUILD as well as the ability to run from the command line to integrate with your build processes.
XSSDetect is currently in beta! This current version of the beta will expire after 60 days.
You can download XSSDetect from here.
No comments:
Post a Comment