Difference between revisions of "Projects/OWASP X5s Project/Releases/x5s v1.0.1"

Jump to: navigation, search
(One intermediate revision by one other user not shown)
Line 16: Line 16:
| leader_name1 = ChrisWeber
| leader_name1 = ChrisWeber
| leader_email1 = chrisweber@live.com
| leader_email1 = chris.weber@owasp.org
| leader_username1 = Chrisweber
| leader_username1 = ChrisWeber
| release_notes = http://www.owasp.org/index.php/Projects/OWASP_X5s_Project/Releases/x5s_v1.0.1/Notes
| release_notes = http://www.owasp.org/index.php/Projects/OWASP_X5s_Project/Releases/x5s_v1.0.1/Notes

Latest revision as of 18:10, 6 December 2010

back to project home page

what is this release?
x5s v1.0.1 - 06/05/2010 - (download)
Release Description: x5s was first and foremost designed to find encoding and character transformation issues that can lead to XSS vulnerability, and present them in a visual way where they could be reviewed with a quickness. Many tools exist for testing Web-applications to find cross-site scripting bugs. There are browser plugins, Web-scanners, and static code analyzers. We use whatever suits us in a given situation and produces the output we're interested in receiving. We developed x5s for penetration testers and other security-minded persons who already know how to find and exploit an XSS vulnerability. The tool has a slightly different bent than other tools we've used.

It's main goals include:

  • Automate finding the encoding issues that can lead to XSS.
  • Identify where character transformations occur by injecting multibyte characters such as higher Unicode code points and non-shortest form character encodings.
Release License: New BSD
who worked on this release?
Release Leader(s):
how can you learn more?
Release Notes: View
Release Rating: Yellow button.JPG Not Reviewed - Assessment Details
Key Contacts
  • Contact the GPC to report a problem or concern about this release info or to update information.