[ OWASP - Montreal ] XSS vulnerability scanner implementation

Arun Sarangan arunsarangan at gmail.com
Sat Apr 11 15:10:21 EDT 2009


Hi Martin,

Thanks for your prompt reply.
I made a small C# application which reads a vulnerable PHP program (with no
input validation), and I check for $_GET, $_POST, $_REQUEST values and I
validate them for XSS vulnerabilities (for now) by appending input
validation code to the vulnerable code through the C# program. Now every $_GET,
$_POST, $_REQUEST value goes through this check.
So basically a programmer types vulnerable source code into the C#
application, and he gets back secure code.

Can you give me more ideas to improve my C# application?

Thanks,
Arun

On Sat, Apr 11, 2009 at 1:10 PM, Martin Verreault <mverreault at gmail.com> wrote:

> Hello Arun,
>
> Pixy is an XSS and SQL scanner for PHP. It's made in Java and it is well
> documented.
> You can learn how they parsed the PHP in their technical report:
> http://www.seclab.tuwien.ac.at/papers/pixy_techreport.pdf
>
> Website : http://pixybox.seclab.tuwien.ac.at/pixy/index.php
>
> Good luck with your project!
>
> -Martin
>
> On Wed, Apr 8, 2009 at 5:34 PM, Arun Sarangan <arunsarangan at gmail.com>
> wrote:
> > Hi,
> > First of all, I would like to thank the OWASP Board members for arranging
> > a wonderful presentation yesterday.
> >
> > I am trying to implement an XSS vulnerability scanner for PHP code as my
> > course mini project.
> > The scanner should scan a single PHP file and produce the vulnerable lines
> > as the output.
> > Can you give me some ideas, like which language supports a PHP parser to
> > start with?
> >
> >
> > Thanks,
> > Arun
> >
> > --
> > Happiness keeps you Sweet, Trials keep you Strong, Sorrow keeps you Human,
> > Failure keeps you humble and Success keeps you glowing, but only Faith &
> > Attitude Keeps you going...



-- 
Happiness keeps you Sweet, Trials keep you Strong, Sorrow keeps you Human,
Failure keeps you humble and Success keeps you glowing, but only Faith &
Attitude Keeps you going...
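
An added example, not part of the thread and not Arun's or Pixy's code: a line-based sketch of the scanner described in the original question, reporting lines of a single PHP file where `$_GET`, `$_POST` or `$_REQUEST` data reaches `echo`/`print` without escaping. It is a regex heuristic with simple assignment tracking, not a real PHP parser or the data-flow analysis Pixy performs; the function name, the set of escaping functions and the sample file are assumptions made for illustration.

```python
import re

SOURCE = re.compile(r"\$_(?:GET|POST|REQUEST)\b")        # request superglobals
ESCAPE = re.compile(r"\b(?:htmlspecialchars|htmlentities|intval)\s*\(", re.I)
SINK = re.compile(r"^\s*(?:echo|print)\b|<\?=", re.I)      # output statements
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=(?!=)\s*(.+?);")      # $var = expr;
VAR = re.compile(r"\$(\w+)")

def scan_php(source):
    """Return [(line_no, text)] for lines that output request data unescaped."""
    tainted = set()      # variables currently holding raw request data
    findings = []

    def is_tainted(expr):
        if ESCAPE.search(expr):   # crude: an escaping call anywhere clears the expression
            return False
        return bool(SOURCE.search(expr)) or any(v in tainted for v in VAR.findall(expr))

    for no, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#")):   # skip whole-line comments
            continue
        m = ASSIGN.match(line)
        if m:
            name, rhs = m.groups()
            if is_tainted(rhs):
                tainted.add(name)       # variable now carries raw input
            else:
                tainted.discard(name)   # overwritten with escaped or constant data
        elif SINK.search(line) and is_tainted(line):
            findings.append((no, line.strip()))
    return findings

# Constructed sample input, not taken from the thread.
SAMPLE = """<?php
$name = $_GET['name'];
$safe = htmlspecialchars($_POST['comment'], ENT_QUOTES, 'UTF-8');
$id = intval($_REQUEST['id']);
echo "<h1>Hello " . $name . "</h1>";
echo "<p>" . $safe . "</p>";
print $_REQUEST['q'];
echo "<a href='item.php?id=" . $id . "'>item</a>";
$name = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
echo $name;
?>
"""

if __name__ == "__main__":
    for no, text in scan_php(SAMPLE):
        print(f"line {no}: {text}")
```

Multi-line statements, `.=` concatenation, function calls, includes and output contexts other than HTML body text (attributes, JavaScript, URLs) are outside what this sketch tracks.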