Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Cross Site Scripting Vulnerabilities - XSS

From: Chad Loder <cloder () acm org>
Date: Tue, 6 Aug 2002 08:02:08 -0700
Hi Jason,

I'm not sure if you're interested in commercial tools
or not, but Rapid 7's vulnerability scanner NeXpose
will spider an entire website and test each field of
each form it encounters for vulnerability to cross
site scripting.

You can download an eval copy from www.rapid7.com.

Yours,
        Chad Loder
        Rapid 7, Inc.

* Jason binger <cisspstudy () yahoo com> [020806 07:35]:

Has anyone on the list done much with testing for XSS
vulnerabilities?

Has anyone written a simple work program to test for
these vulnerabilities that they are happy to
distribute so others can do basic testing for these
vulnerabilities?

There a few papers out on this topic, but none that I
hve seen that really focus on the testing side of
things.

Thanks

__________________________________________________
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: