http://blogs.msdn.com/hackers/archive/2007/10/23/some-technical-details-on-how-xssdetect-does-dataflow-analysis.aspxHi, my name is Hassan Khan. I work for the ACE Engineering Team, which is a part of the ACE (Application Consulting &amp; Engineering) Team . We develop tools and solutions to help secure Microsoft Line of Business applications, websites and also worken-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/hackers/archive/2007/10/23/some-technical-details-on-how-xssdetect-does-dataflow-analysis.aspx#5642926Wed, 24 Oct 2007 10:09:55 GMT91d46819-8472-40ad-a661-2c78acb4018c:5642926ACE Team - Security, Performance & Privacy<p>Just a brief update, Hassan Khan one of the lead developers of XSSDetect and part of our ACE Engineering</p> http://blogs.msdn.com/hackers/archive/2007/10/23/some-technical-details-on-how-xssdetect-does-dataflow-analysis.aspx#5646343Wed, 24 Oct 2007 13:06:21 GMT91d46819-8472-40ad-a661-2c78acb4018c:5646343Ravikanth's Blog <p>ACE Engineering team has posted up some technical details on how XSSDetect uses data flow analysis to</p> http://blogs.msdn.com/hackers/archive/2007/10/23/some-technical-details-on-how-xssdetect-does-dataflow-analysis.aspx#5650182Wed, 24 Oct 2007 16:44:39 GMT91d46819-8472-40ad-a661-2c78acb4018c:5650182orysegal<P>Quote: "Most tools in the market, if not all, are not very good at it. Static analysis tools on the other hand scan the application source code or binaries to detect programming errors. Consequently, they offer 100% coverage and are able to identify many more vulnerabilities than penetration testing tools. XSSDetect is a static analysis tool. "</P> <P>Harsh words, and without a lot of basis on real facts if I may add. Ask around actual customers of source code analysis tools, and they will bitch and complain about the amount of false positives and noise that these tools produce.</P> <P>Preferring whitebox over blackbox is ridiculous. One technique on its own will never be able to provide 100% security coverage.</P>http://blogs.msdn.com/hackers/archive/2007/10/23/some-technical-details-on-how-xssdetect-does-dataflow-analysis.aspx#5662596Thu, 25 Oct 2007 10:44:05 GMT91d46819-8472-40ad-a661-2c78acb4018c:5662596biac の それさえもおそらくは幸せな日々@nifty<p>MS ダウンロードセンターより。 XSS Detect Beta Code Analysis Tool Version: 1.0Date Published:</p> http://blogs.msdn.com/hackers/archive/2007/10/23/some-technical-details-on-how-xssdetect-does-dataflow-analysis.aspx#5670783Thu, 25 Oct 2007 18:28:09 GMT91d46819-8472-40ad-a661-2c78acb4018c:5670783Blake Niemyjski<p>The &amp;quot;Ace&amp;quot; team inside of Microsoft has kindly released a plug-in for Visual Studio called XSSDetect</p> http://blogs.msdn.com/hackers/archive/2007/10/23/some-technical-details-on-how-xssdetect-does-dataflow-analysis.aspx#5737678Sun, 28 Oct 2007 15:26:03 GMT91d46819-8472-40ad-a661-2c78acb4018c:5737678CoqBlog<p>XSSDetect est un addin pour Visual Studio destin&#233; &#224; aider l'utilisateur &#224; &#233;liminer les probl&#232;mes d' XSS</p> http://blogs.msdn.com/hackers/archive/2007/10/23/some-technical-details-on-how-xssdetect-does-dataflow-analysis.aspx#5752558Mon, 29 Oct 2007 04:57:23 GMT91d46819-8472-40ad-a661-2c78acb4018c:5752558Aaron Stebner's WebLog<p>I ran across a few interesting posts on the Application Consulting and Engineering (ACE) team's blog</p>