[ad] x5s is a Fiddler add-on which aims to assist penetration testers in finding cross-site scripting vulnerabilities. It’s main goal is to help you identify the hotspots where XSS might occur by: Detecting where safe encodings were not applied to emitted user-inputs Detecting where Unicode character transformations might bypass security filters Detecting where non-shortest UTF-8 […]
cross-site-scripting
Vicnum – Lightweight Vulnerable Web Application
[ad] Vicnum is a flexible and vulnerable web application which demonstrates common web security problems such as cross site scripting, sql injections, and session management issues. The program is especially useful to IT auditors honing web security skills and setting up ‘capture the flag’ type exercises. Being a small web application with no complex framework […]
Google Buzz Patches XSS Flaw In Mobile Version
[ad] You may or may not have noticed, but I was on hiatus for a few days. As you’re probably aware (and I’m sure many of you celebrate) it was Chinese New Year on February 14th so I was offline for a few days taking a well deserved break. I’d like to wish all of […]
Researcher Uncovers XSS Flaws In Twitter and Google Calendar
[ad] More flaws discovered in Twitter and Google Calender during the holiday season. Once again XSS flaws have been discovered in popular web apps, but at least they were reported and not used nefariously this time. Fixes have been issued promptly by both Google and Twitter so there is not much cause for concern this […]
Microsoft CAT.NET v1.1.1.9 – Binary Code Analysis Tool .NET
[ad] CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection. CAT.NET is a snap-in to the Visual Studio IDE that helps you identify security flaws within a managed code (C#, […]