Free Detection Service For Cross-Site Scripting Errors

Claiming that cross-site scripting (XSS) errors are responsible for more than half of all web application vulnerabilities, a new service has been launched to offer web developers a means of identifying XSS vulnerabilities quickly and easily, while offering remediation recommendations to produce higher security web applications.

Citing the fact that the Open Web Application Security Project (OWASP) includes XSS on its list of the Top 10 most dangerous software risks, the Veracode Free XSS Detection Service somewhat boldly asserts that it can remove what it describes as a developer's "perceived complexity" of the detection process.

According to OWASP, XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation and escaping. From that point, XSS allows attackers to execute scripts in the victim’s browser that can hijack user sessions, deface web sites, or redirect the user to malicious sites.
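The flaw OWASP describes, shown beside a validated and escaped form, as an added example that is not code from the article or from Veracode. The class, method names and the allow-list policy for a display name are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class XssEscapingExample {  // hypothetical class, not from the article

    // Allow-list validation for a display name (assumed policy for this example).
    private static final Pattern NAME = Pattern.compile("[\\p{L}\\p{N} .'-]{1,64}");

    // Vulnerable: untrusted data reaches the browser unvalidated and unescaped.
    static String renderUnsafe(String name) {
        return "<p>Hello, " + name + "</p>";
    }

    // Escape characters that are significant in HTML element content and
    // in quoted attribute values. Not sufficient for script, CSS or URL contexts.
    static String escapeHtml(String untrusted) {
        StringBuilder out = new StringBuilder(untrusted.length() + 16);
        for (char c : untrusted.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hardened: validate first, then escape at the point of output regardless.
    static String renderSafe(String name) {
        if (name == null || !NAME.matcher(name).matches()) {
            name = "guest";  // reject anything outside the allow-list
        }
        return "<p>Hello, " + escapeHtml(name) + "</p>";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a markup-bearing value and a legitimate name.
        String[] samples = { "<script>alert(1)</script>", "Anne O'Brien" };
        for (String s : samples) {
            System.out.println("unsafe: " + renderUnsafe(s));
            System.out.println("safe:   " + renderSafe(s));
            System.out.println("escape: " + escapeHtml(s));
        }
    }
}
```

The legitimate name passes validation yet still contains an apostrophe, which is why escaping is applied at output even after validation succeeds.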

Sadly, there's no such thing as a free lunch -- at least not for long, right? Veracode offers developers the option to submit one Java application of up to 20MB in size, free of charge; the Veracode platform will then search it for XSS errors and produce a report with location and remediation information.

A number of other vendors produce XSS vulnerability tools, from Coverity, GrammaTech and Klocwork at the lesser-known end of the spectrum right up to IBM, HP and Parasoft, whom you may be able to name-check more readily yourself.
