[Owasp-leaders] Any DOM XSS Scanner ?

Stefano Di Paola stefano at owasp.org
Thu Mar 21 10:08:38 UTC 2013


Ala'a,

since I'm the author of DOMinator and DOMinatorPro, I'll try to be as
unbiased as possible :)

1.
http://www.google.it/search?q=dom+xss+scanner&aq=f&oq=dom+xss+scanner&sourceid=chrome&ie=UTF-8
Lists:
domxssscanner  //  RegExp Based
ra2-dom-xss-scanner // Blind Fuzzer
DOMinatorPro /// Runtime Analyzer
IBM JSA  // Static Analyzer
..

You can compare them with your testbed and see what's better.

2.:
Although this is maybe not the place to talk about it, I'd like have some
more elaborate opinion of yours on DOMinator.

About your opinion on the effectiveness on detecting DOM issues I'd like to
talk about it - publicly or privately as you wish.

Which DOMinator are you referring to? The Pro version hosted on
https://dominator.mindedsecurity.com/
or the old community version hosted on http://code.google.com/p/dominator/ ?

I'd like to be clear that if you have some usage problems to report, I am
more than happy to help. Same for bugs.


Cheers,
Stefano


On Thu, Mar 21, 2013 at 9:55 AM, Ala'a Mubaied <alaa.mubaied at owasp.org>wrote:

> Hi Leaders,
>
> I'm aware of Dominator, but it has a lot of crashes due to memory
> consumptions and not much effective of detecting DOM issues.
>
> any other suggestions ?
>
> Thanks
> Ala'a
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130321/3211e0c7/attachment-0001.html>


More information about the OWASP-Leaders mailing list