July 02, 2012

Comments

Diogenes De Jesus

Hi there.

When will it be available and in which version of AppScan can I test it?

Thanks!

Omri Weisman

XSS Analyzer is available today in AppScan Enterprise 8.6.

Trevor Stevado

I think this is a great advancement and accomplishment, but I have a problem with the way this is positioned and marketed.

Look at your title... 700 million reasons to feel secure. The ability to locate and fix all the xss flaws in your application does not mean that your application is secure. There are many other types of vulnerabilities that an application can be exposed to which could be far more dangerous than XSS. Secondly, calling it an 'expert human pen tester in a box' is insulting to actual expert human pen testers. As I mentioned, xss is just a small fraction of what an expert human pentester will look for in an application.

I do see the value in tools such as AppScan and other scanners. For certain types of vulnerabilities (like xss) a tool can be much better and much more thorough at finding flaws. An expert human pen tester uses these tools as a part of their testing, to complement their manual testing, and provide a more complete assessment of the application. However, the tool on its own does not make your application secure.

dumbz

700 million? That's too many!!!

LawrenceDGerard

AppScan Standard 8.6 is now available with XSS Analyzer. To get a free trial you can click on the "now" that has been added to the last line of the blog. Or just follow this link www.ibm.com/developerworks/downloads/r/appscan

Jonn Callahan

So this seems interesting enough. All the advertisements for this specifically mention reflective XSS. Is the scanner not equipped to find stored or DOM? If so, why not? Stored is definitely the most dangerous of the three even if it is less common.

The comments to this entry are closed.
