Improved XSS Detection

Thu Apr 24 2014 14:16:14 GMT+0100 (BST)

The Websecurify dev team has spent the last 3 months completely revamping our entire Suite. First, we rewrote our testing engine (now known as Sparta). Second, we separated the suite applications from the customer-facing site. And now we are throwing all our efforts at improving the detection accuracy and speed of all tests, starting with Cross-site Scripting (XSS).

Screenshot 01

We are very happy to show some of the results, as seen in the screenshot above. The scanner now detects 26 out of the 32 Cross-site Scripting tests present in the WAVSEP benchmark. Why 26, you may ask? Well, we are simply ignoring client-side VisualBasic. There are 6 VB tests, which we skip. The fact of the matter is that the adoption rate of VisualBasic is practically zero, so we decided it is better to concentrate on what is current rather than spend time and resources detecting vulnerabilities in a technology that is barely used.

The next benchmark, which we are planning to cover 100%, is SQL injection. We are showing a lot of positive results already. We will keep you updated.

