[ OWASP - Montreal ] XSS vulnerablity scanner implementation

Arun Sarangan arunsarangan at gmail.com
Thu Apr 16 15:36:35 EDT 2009

Thank you guys .. its a great deal of help =)

On Thu, Apr 16, 2009 at 11:54 AM, Sean Coates <sean at caedmon.net> wrote:

> For this, look at PHP Tokenizer, it's the best way to implement it...
> Did someone say tokens?! (-;
> I have a pet project called the Tokalizer that helps make the PHP
> tokenizer's output usable:
> http://github.com/scoates/tokalizer
> (I just moved it to github last night, and I'm a git newbie, so expect some
> instability (-; The code is also pretty young, but it does cool stuff (like
> context-sensitive diffing and grep))
> Also, there's parsekit, which we use for an internal vulnerability tester
> (and I seriously need to build a release soon):
> http://pecl.php.net/parsekit
> Some info on our internal tool (uses parsekit) here:
> http://lukewelling.com/2008/07/23/oscon-2008-snap-php-taint-tool/
> </plug> (at least it was on-topic (-; )
> S

Happiness keeps you Sweet, Trials keep you Strong, Sorrow keeps you Human,
Failure keeps you humble and Success keeps you glowing, but only Faith &
Attitude Keeps you going...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-montreal/attachments/20090416/4a1dd806/attachment.html 

More information about the Owasp-montreal mailing list