Microsoft releases XSSDetect: A Cross Site Scripting detection plug-in for Visual Studio

October 25, 2007

1 minute read

The “Ace” team inside of Microsoft has kindly released a plug-in for Visual Studio called XSSDetect. XSSDetect is a “static code analysis plug-in that will identify Cross-Site Scripting security flaws in any managed Web Application” (Microsoft).

XSSDetect analyzes .NET Intermediate Language (IL) read directly from the compiled binaries. It takes apart all assemblies, modules, classes and methods down to each instruction. It then identifies statements where untrusted user data enters the application and where dangerous methods are called. These form the two sets of statements (sources and sinks) between which XSSDetect then finds dataflow paths. This is the same algorithm that is employed when an application is code reviewed manually by an experienced security analyst (Some technical details on how XSSDetect does Dataflow Analysis).

Source

XSSDetect Public Beta now Available!

Download

XSS Detect Beta Code Analysis Tool

Join the mailing list

Get notified of new posts and related content to your inbox. I will never sell you anything and I will NEVER sell your email address.

blog

Home

Home Automation

Programming

Reviews

Public Speaking

About

Recent Posts

How-to get notifications when your mailbox is opened

Disturbing trends in smart home products and services

Securing smart home devices with ESPHome and Home Assistant

Building and maintaining a smart home presentation