XSSDetect Public Beta now Available!

One of the biggest, constant problems our enterprise customers deal with, and one we here at Microsoft also have to contend with, is the XSS (Cross Site Scripting) bug. It's very common and, unfortunately, still an issue in many web applications. Internally, the ACE Team has been working on several projects to help mitigate and fix these issues, as well as to detect them in the code bases that we review so that they can be fixed before going live.

XSSDetect runs as a Visual Studio plug-in and can detect potential XSS issues in managed code. 

Here's a screenshot:

[Screenshot: XSSDetect]

While the functionality may seem straightforward, many years of research and hard work have gone into making XSSDetect a reality. XSSDetect is a stripped-down version of our enterprise-ready Code Analysis Tool for .NET code bases (CAT.NET for short). CAT.NET adds features such as VSTF integration, centralized reporting using web services, customized rulesets and filters, integration with FxCop and MSBuild, and the ability to run from the command line to integrate with your build processes (or if you're just old school and rock it like that ;) ).

XSSDetect is currently in beta so we welcome your feedback!  This current version of the beta will expire after 60 days.  To send us your feedback, we encourage you to leave comments below or contact us via the 'Email' link above. 

Click here to DOWNLOAD now!

 

  • Can this be integrated into FXCop?

  • I've talked about threat modeling being one part of the overall information security puzzle... there

  • XSS (Cross Site Scripting) techniques are among the most frequent, along with other old friends. Microsoft

  • Good News anyway.

  • From the MS Download Center. XSS Detect Beta Code Analysis Tool Version: 1.0 Date Published:

  • I think this tool requires prior installation of Visual Studio 2005. Do you have any plans to give this tool as a separate exe which one can run on any set of .aspx files? I think if you remove the dependency, more people will tend to use the tool and you can also expect good feedback.

  • Is "CAT .NET" different from FxCop, and if so is it currently available for evaluation or use?

  • Will this work with VS 2008?

  • XSSDetect is available for download now. It's a tool which helps identify Cross Site Scripting Vulnerabilities

  • A beta version of a new tool has been released to detect whether you might have any security holes

  • On a 2 GB machine I got an OutOfMemoryException on several large solutions where I tried this tool. The tool also doesn't seem to detect XSS issues when <%= variable %> is used in an .aspx file. Can you give some info on exactly what methods of input and output the tool checks, its capabilities and limitations?

  • Great news, I was looking for something like that for a long time..
