Ravikanth's Blog

Happenings around Me

October 2007 - Posts

How to determine whether a computer is 32-bit or 64-bit

Check the following registry key (open regedit from the command prompt):

"HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\PROCESSOR_ARCHITECTURE"

If the value of PROCESSOR_ARCHITECTURE is "x86", then you have a 32-bit version of Windows.

If the value of PROCESSOR_ARCHITECTURE is not "x86", then your machine is potentially 64-bit.

Some details on how XSSDetect does dataflow analysis

The ACE Engineering team has posted some technical details on how XSSDetect uses data flow analysis to do its magic.

You can read more about it here

Posted: Oct 24 2007, 06:04 AM by dvravikanth | with no comments

Microsoft releases Visual Studio plug-in to detect XSS in .NET code

XSSDetect is a static code analysis tool that helps identify Cross-Site Scripting security flaws found within Web applications. It is able to scan compiled managed assemblies (C#, Visual Basic .NET, J#) and analyze dataflow paths from sources of user-controlled input to vulnerable outputs. It also detects whether proper encoding or filtering has been applied to the data and will ignore such "sanitized" paths.
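
The source-to-sink dataflow idea described above, as an added example; it is not XSSDetect's code or algorithm. The statement format, the sample program, and the choice of Request.QueryString and Request.Form as sources, Response.Write as the sink and HttpUtility.HtmlEncode as the sanitizer are assumptions made for illustration.

```python
# Taint tracking over a constructed, straight-line statement list.
# Illustration only: not XSSDetect's implementation. Each statement is
# (dest, op, args); the source/sink/sanitizer sets are assumed for the example.
SOURCES = {"Request.QueryString", "Request.Form"}   # user-controlled input
SINKS = {"Response.Write"}                          # HTML output
SANITIZERS = {"HttpUtility.HtmlEncode"}             # encoding clears taint

def find_xss_paths(program):
    """Return [(sink, path)] for every unsanitized source-to-sink flow."""
    taint = {}       # variable -> list of steps leading back to the source
    findings = []
    for dest, op, args in program:
        # Path of the first tainted argument, if any argument is tainted.
        path = next((taint[a] for a in args if a in taint), None)
        if op in SOURCES:
            taint[dest] = [op, dest]
        elif op in SANITIZERS:
            taint.pop(dest, None)         # encoded result: path is ignored
        elif op in SINKS:
            if path is not None:
                findings.append((op, path + [op]))
        elif path is not None:            # assignment, concat, other calls
            taint[dest] = path + [dest]
        else:
            taint.pop(dest, None)         # overwritten with clean data
    return findings

# Constructed sample: 'name' reaches output raw, 'city' only after encoding.
SAMPLE = [
    ("name", "Request.QueryString", ["'name'"]),
    ("city", "Request.Form", ["'city'"]),
    ("greeting", "concat", ["'Hello '", "name"]),
    ("safe_city", "HttpUtility.HtmlEncode", ["city"]),
    ("line2", "concat", ["'From '", "safe_city"]),
    (None, "Response.Write", ["greeting"]),
    (None, "Response.Write", ["line2"]),
]

if __name__ == "__main__":
    for sink, path in find_xss_paths(SAMPLE):
        print(" -> ".join(path))
```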
 
Posted: Oct 23 2007, 04:14 AM by dvravikanth | with 5 comment(s) |

Security Analyst vs Hacker

Hi

When I was explaining to my friend the approach of a Security Analyst to security testing of an application in an organization and a hacker's approach to the same application, I came up with the following fundamental differences in their perspectives.

Security Analyst                | Hacker
--------------------------------|--------------------------------
Tries to close all the doors    | Tries to expose one open door
Time/budget constraint          | No time/no budget constraint
Has to know all security issues | Expertise required in one attack
Resource constraint             | Unlimited resources
Tools constraint                | Unlimited tools
Building defenses               | Finding holes

Posted: Oct 18 2007, 06:03 AM by dvravikanth | with no comments