Cross Site Scripting

The Microsoft Anti-Cross Site Scripting Library (Anti-XSS) was designed to be an encoding library for developers protect their ASP.NET web-based applications from XSS attacks. It differs from most encoding libraries in that it uses the white-listing technique -- sometimes referred to as the...

Springenwerk project is a Cross Site Scripting (XSS) security scanner, written in Python. This is my first project using Python, so please feel free to tell me about all the places in the code where I screwed up. This is open source software. Please help make this THE open source XSS scanner by...

DeXSS project provides a SAX2 Parser to help protect against Cross-site scripting (XSS) attacks. DeXSS uses TagSoup to parse potentially malformed input, followed by a SAX2 filter pipeline to remove JavaScript from HTML. You can use the DeXSS parser in place of your existing SAX2 parser, or...


Platforms: *nix

XSS-Me is the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS). It does NOT currently test for stored XSS.rnrnThe tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS attack.rnrnIf the resulting HTML page sets...


Platforms: *nix

Audit your website security with Acunetix Web Vulnerability Scanner As many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists. Hackers are concentrating their efforts on web-based applications -...


Platforms: Windows

Spiders a website and logs many common problems including missing resources (HTTP 400), server errors (HTTP 500), slow pages, looping redirects, missing meta tags, duplicate content and potential SQL injection/cross-site scripting (XSS) vulnerabilities. Various informational modules are also...


Platforms: Windows, Mac, Linux

Java-based Open Source WAF (Web Application Firewall) to include inside a web application in order to protect it against attacks like SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Parameter Manipulation and many more.


Platforms: Windows, Mac, Linux

Web applications face any number of threats; one of them is cross-site scripting and related injection attacks. 90% of all web applications contain cross-site scripting attacks because they are easy to introduce, and the proper tools are not always available to prevent them. There is no good...


Platforms: Windows, Mac, *nix, PHP, BSD Solaris

Paranoid Form Validator can be used to prevent security attacks (cross-site scripting, SQL injection) carried out by submitting forms with malicious data in some cases. It works by adding extra validation to forms and raising error if unsafe data were submitted in form fields.Usually these...


Platforms: PHP

Scrubbr is a BSD-licensed database scanning tool that checks numerous database technologies for the presence of possible stored cross-site scripting attacks. The tool was partially inspired by "Scrawlr", a trimmed-down version of HP's WebInspect which was released for free after the so-called...


Platforms: Mac

Just when developers are starting to run in circles over Cross Site Scripting, the 'sleeping giant' awakes for yet another web-catastrophe. Cross-Site Request Forgery (CSRF) is an attack whereby the victim is tricked into loading information from or submitting information to a web application for...


Platforms: Mac

The JASPA DOM API is a full abstraction layer for cross-browser scripting. It is written in a strongly-typed language modelled on AS3, and the JASPA compiler converts it into regular javascript.


Platforms: PHP

Ch is an embeddable C/C++ interpreter for cross-platform scripting, shell programming, 2D/3D plotting, numerical computing, and embedded scripting. C/Ch/C++ allow users to use one language, anywhere and everywhere, for any programming tasks. Ch is the solution for: Embedded Scripting; Enterprise;...


Platforms: Windows, *nix

Chatty :) is a very nice script that lets you create a simple but very-good looking chat in a few minutes.Distributed under GPL and written entirely in PHP, it is highly customizable and fully open to modifications. Now works properly also with non-western languages.It requires MySQL as a backend...


Platforms: PHP

Chatty :) is a very nice script that lets you create a simple but very-good looking chat in a few minutes.Distributed under GPL and written entirely in PHP, it is highly customizable and fully open to modifications. Now works properly also with non-western languages.It requires MySQL as a backend...


Platforms: PHP

dotDefender Monitor for Apache is the only way to know who is attacking your web site in real time. Residing on the server as webserver plug-in, dotDefender can be installed and implemented in minutes without influence on traffic or network architecture. dotDefender Monitor provides plug-and-play...


Platforms: *nix

CGIWrap 4.1 update protects against a cross-site scripting vulnerability in the error page handling due to how some browsers behave when a charset is not specified. CGIWrap now sets a default charset and allows overriding it during the configure process.


Platforms: *nix

blogBuddies provides an RSS and Atom aggregator that emulates the LiveJournal Friends page. blogBuddies gathers RSS and Atom feeds into a layout similar to the LiveJournal Friends page. It is optimized for blogs, and works with Blogger, LiveJournal, DeadJournal, GreatestJournal, Xanga, RSS, and...


Platforms: *nix

XSS Shell script is a powerful XSS backdoor. XSS Shell allows interactively getting control over a Cross-site Scripting (XSS) vulnerability in a web application. It demonstrates the real power and damage of Cross-site Scripting attacks. Whats New in This Release: Regenerating Pages - This...


Platforms: *nix

ipcalc project takes an IP address and netmask and calculates the resulting broadcast, network, Cisco wildcard mask, and host range. By giving a second netmask, you can design subnets and supernets. It is also intended to be a teaching tool and presents the subnetting results as...


Platforms: *nix