WebApp Sec mailing list archives

Re: XSS online tester


From: Sandeep Shetty <sandeep.s () directi com>
Date: Wed, 11 Jan 2006 20:27:55 +0530


Hey,

Matthieu wrote:
I would like to know if you know some interesting URLs which test online XSS vulnerabilities.
I've searched on Google, but I can't find any free online scanner.
Best regards

Was at a presentation once where Rasmus Lerdorf (PHP creator) showed a tool that he had developed internally at Yahoo in order to detect security holes in web apps. He was going to open source it but realized that a majority of the sites he tested using it had vulnerabilities that could be exploited. So he decided to not give it away since the tool makes it very easy to detect potential XSS exploits to the wrong people. However, you can get in touch with him and he will scan your site for you.

Here is someone else talking about the same tool.
http://b2evolution.net/news/2005/11/13/b2evolution_passing_the_scanmus_test


Sandeep Shetty

