Saturday, October 27, 2007

ExploitMe: Free Firefox Plug-Ins Test Web Apps

Canadian researchers have built a set of free exploit tools for Web applications that run as Firefox browser plug-ins; the so-called ExploitMe suite includes tools for cross-site scripting (XSS) and SQL injection, two of the most common vulnerabilities found on Websites. Nishchal Bhalla, founder of Security Compass, and his fellow researchers at the firm will demonstrate and release the new exploit tools -- aimed at facilitating penetration testing of Web applications -- at next month’s SecTor security conference in Toronto. The tools let researchers, Web app developers, and quality assurance staffers "fuzz" their Web apps for vulnerabilities to XSS and SQL injection attacks.

Read the article HERE.

XSSDetect Public Beta now Available!
One of the biggest, constant problems we've seen our enterprise customers deal with and we here at Microsoft have to also contend with is that of the XSS (Cross Site Scripting) bug. It's very common and unfortunately, still an issue we have to deal with in many web applications. Internally, the ACE Team has been working on several projects to help mitigate and fix these issues, as well as detect them in the code bases that we review so that they can be fixed before going live.

Read the article HERE.

0 Comments:

Post a Comment

<< Home