XSSDetect Public Beta now Available!

XSSDetect public beta is now available for download on MSDN.

Overview

XSSDetect is a static code analysis tool that helps identify Cross-Site Scripting security flaws found within Web applications. It is able to scan compiled managed assemblies (C#, Visual Basic .NET, J#) and analyze dataflow paths from sources of user-controlled input to vulnerable outputs. It also detects whether proper encoding or filtering has been applied to the data and will ignore such "sanitized" paths.

Related resources:

• Anti-Cross Site Scripting Library
• How To: Prevent Cross-Site Scripting in ASP.NET

My related posts:

• XSS? - Do not Make Me Laugh, We Use WinForms

Enjoy