[ OWASP - Montreal ] XSS vulnerability scanner implementation

Sean Coates sean at caedmon.net
Thu Apr 16 11:54:12 EDT 2009

> For this, look at PHP Tokenizer, it's the best way to implement it...

Did someone say tokens?! (-;

I have a pet project called the Tokalizer that helps make the PHP  
tokenizer's output usable:

(I just moved it to github last night, and I'm a git newbie, so expect  
some instability (-; The code is also pretty young, but it does cool  
stuff (like context-sensitive diffing and grep))

Also, there's parsekit, which we use for an internal vulnerability  
tester (and I seriously need to build a release soon):

Some info on our internal tool (uses parsekit) here:

</plug> (at least it was on-topic (-; )


