[ OWASP - Montreal ] XSS vulnerablity scanner implementation

Martin Verreault mverreault at gmail.com
Sat Apr 11 13:10:12 EDT 2009


Hello Arun,

Pixy is a xss and sql scanner for php.It's made in Java and it is well
documented.
You can learn how they parsed the php in their technical report :
http://www.seclab.tuwien.ac.at/papers/pixy_techreport.pdf

Website : http://pixybox.seclab.tuwien.ac.at/pixy/index.php

Good luck with your project!

-Martin

On Wed, Apr 8, 2009 at 5:34 PM, Arun Sarangan <arunsarangan at gmail.com> wrote:
> Hi,
> First of all , I would like to thank OWASP Board members for arranging
> wonderful presentation yesterday.
>
> I am trying to implement a XSS vulnerablity scanner for PHP code as my
> course mini project.
> The scanner should scan single php file and produce vulnerable lines as the
> output.
> Can you give some idea like which language supports php parser to start
> with.
>
>
> Thanks,
> Arun
>
> --
> Happiness keeps you Sweet, Trials keep you Strong, Sorrow keeps you Human,
> Failure keeps you humble and Success keeps you glowing, but only Faith &
> Attitude Keeps you going...
>
> _______________________________________________
> Owasp-montreal mailing list
> Owasp-montreal at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-montreal
>
>


More information about the Owasp-montreal mailing list