[ OWASP - Montreal ] XSS vulnerability scanner implementation

Sean Coates sean at caedmon.net
Thu Apr 16 11:54:12 EDT 2009


> For this, look at PHP Tokenizer, it's the best way to implement it...

Did someone say tokens?! (-;

I have a pet project called the Tokalizer that helps make the PHP  
tokenizer's output usable:
http://github.com/scoates/tokalizer

(I just moved it to github last night, and I'm a git newbie, so expect  
some instability (-; The code is also pretty young, but it does cool  
stuff (like context-sensitive diffing and grep))

Also, there's parsekit, which we use for an internal vulnerability  
tester (and I seriously need to build a release soon):
http://pecl.php.net/parsekit

Some info on our internal tool (uses parsekit) here:
http://lukewelling.com/2008/07/23/oscon-2008-snap-php-taint-tool/

</plug> (at least it was on-topic (-; )

S
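The tokenizer approach from the quoted suggestion, as an added example that is not part of the original post and is neither the Tokalizer nor parsekit: a small check built directly on PHP's token_get_all() that reports echo/print sinks reading request input with no escaping call in the same statement. The function name find_unescaped_echo and the sample input are constructed for this illustration.

```php
<?php
// Added example (not the Tokalizer or parsekit code mentioned in the post).
// Flags echo/print statements and short echo tags that read a request
// superglobal without htmlspecialchars()/htmlentities() in the same statement.
// Heuristic only: it does not follow data flow through variables, which is
// the gap a taint tool like the one linked above is meant to close.
function find_unescaped_echo(string $source): array
{
    $findings = [];
    $tokens   = token_get_all($source);
    $count    = count($tokens);
    $starts   = [T_ECHO, T_PRINT, T_OPEN_TAG_WITH_ECHO];
    $tainted  = ['$_GET', '$_POST', '$_REQUEST', '$_COOKIE'];
    $escapers = ['htmlspecialchars', 'htmlentities'];
    for ($i = 0; $i < $count; $i++) {
        $t = $tokens[$i];
        if (!is_array($t) || !in_array($t[0], $starts, true)) {
            continue;
        }
        // Walk the statement up to the next ';' or closing tag and inspect it.
        $line = $t[2];
        $text = '';
        $usesInput = $escaped = false;
        for ($j = $i; $j < $count; $j++) {
            $tok = $tokens[$j];
            if ($tok === ';' || (is_array($tok) && $tok[0] === T_CLOSE_TAG)) {
                break;
            }
            if (is_array($tok) && $tok[0] === T_VARIABLE) {
                $usesInput = $usesInput || in_array($tok[1], $tainted, true);
            } elseif (is_array($tok) && $tok[0] === T_STRING) {
                $escaped = $escaped || in_array(strtolower($tok[1]), $escapers, true);
            }
            $text .= is_array($tok) ? $tok[1] : $tok;
        }
        if ($usesInput && !$escaped) {
            $findings[] = ['line' => $line, 'statement' => trim($text)];
        }
        $i = $j; // resume after this statement
    }
    return $findings;
}
// Constructed sample: reflected input on two lines, properly escaped on one.
$sample = '<?php
echo "Hello " . $_GET["name"];
echo htmlspecialchars($_GET["name"], ENT_QUOTES, "UTF-8");
?><p><?= $_POST["comment"] ?></p>';
foreach (find_unescaped_echo($sample) as $f) {
    printf("line %d: %s\n", $f['line'], $f['statement']);
}
```

Run with `php` on the command line; the escaped echo on the third line of the sample is skipped while the two raw sinks are reported with their line numbers.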


