[ OWASP - Montreal ] XSS vulnerability scanner implementation
arunsarangan at gmail.com
Sat Apr 11 15:10:21 EDT 2009
Hi Martin,
Thanks for your prompt reply.
I made a small C# application which reads a vulnerable PHP program (with no
input validation), and I check for $_GET, $_POST, $_REQUEST values and I
validate them for XSS vulnerabilities (for now) by appending input
validation code to the vulnerable code through the C# program. Now every $_GET,
$_POST, $_REQUEST value goes through this check.
So basically a programmer types vulnerable source code into the C#
application, and he gets back secure code.
Can you give me more ideas to improve my C# application?
On Sat, Apr 11, 2009 at 1:10 PM, Martin Verreault <mverreault at gmail.com> wrote:
> Hello Arun,
> Pixy is an XSS and SQL scanner for PHP. It's made in Java and it is well
> You can learn how they parsed the PHP in their technical report:
> Website: http://pixybox.seclab.tuwien.ac.at/pixy/index.php
> Good luck with your project!
> On Wed, Apr 8, 2009 at 5:34 PM, Arun Sarangan <arunsarangan at gmail.com>
> > Hi,
> > First of all, I would like to thank the OWASP Board members for arranging
> > a wonderful presentation yesterday.
> > I am trying to implement an XSS vulnerability scanner for PHP code as my
> > course mini project.
> > The scanner should scan a single PHP file and produce vulnerable lines as
> > output.
> > Can you give some ideas, like which language supports a PHP parser to start
> > with?
> > Thanks,
> > Arun
> > --
> > Happiness keeps you Sweet, Trials keep you Strong, Sorrow keeps you
> > Failure keeps you humble and Success keeps you glowing, but only Faith &
> > Attitude Keeps you going...
Happiness keeps you Sweet, Trials keep you Strong, Sorrow keeps you Human,
Failure keeps you humble and Success keeps you glowing, but only Faith &
Attitude Keeps you going...
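
The scan discussed in this thread (find where $_GET, $_POST and $_REQUEST values reach HTML output without encoding, and report those lines) can be sketched as below. This is an added example in Python, not code from the thread, from the C# application or from Pixy. It assumes one PHP statement per line, treats htmlspecialchars/htmlentities as the only encoders, and uses hypothetical names (scan, is_tainted) and a constructed sample file.

```python
import re

# Constructed sample PHP, one statement per line (not from the thread).
SAMPLE_PHP = """<?php
$name = $_GET['name'];
$safe = htmlspecialchars($_POST['title'], ENT_QUOTES, 'UTF-8');
echo "Hello " . $name;
echo $safe;
print $_REQUEST['q'];
echo htmlspecialchars($_GET['id'], ENT_QUOTES, 'UTF-8');
$copy = $name;
echo "<b>$copy</b>";
?>"""

SOURCE = re.compile(r"\$_(?:GET|POST|REQUEST)\b")          # request-controlled input
ENCODED = re.compile(r"\b(?:htmlspecialchars|htmlentities)\s*\([^()]*\)")
SINK = re.compile(r"^\s*(?:echo|print)\b(.*)$")            # HTML output statements
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=\s*(.*);\s*$")
VAR = re.compile(r"\$(\w+)")

def is_tainted(expr, tainted):
    """True if expr still carries request data once encoded calls are removed."""
    rest = ENCODED.sub("", expr)  # nested calls inside the encoder are not matched
    return bool(SOURCE.search(rest)) or any(v in tainted for v in VAR.findall(rest))

def scan(php_source):
    """Return (line number, line) for each output statement fed by raw request data."""
    tainted, findings = set(), []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        assign = ASSIGN.match(line)
        if assign:
            name, rhs = assign.groups()
            # Propagate taint through assignments; a clean right side clears it.
            (tainted.add if is_tainted(rhs, tainted) else tainted.discard)(name)
            continue
        sink = SINK.match(line)
        if sink and is_tainted(sink.group(1), tainted):
            findings.append((lineno, line.strip()))
    return findings

if __name__ == "__main__":
    for lineno, line in scan(SAMPLE_PHP):
        print(f"line {lineno}: unencoded request data reaches output: {line}")
```

A line-based regex check like this misses multi-line statements, function calls and includes, which is why a tool such as Pixy parses the PHP and performs data-flow analysis instead.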