Projects/OWASP X5s Project/Releases/x5s v1.0.1

From OWASP
Revision as of 15:19, 1 December 2010 by Paulo Coimbra (Talk | contribs)

Jump to: navigation, search

back to project home page

what is this release?
x5s v1.0.1 - 06/05/2010 - (download)
Release Description: x5s was first and foremost designed to find encoding and character transformation issues that can lead to XSS vulnerability, and present them in a visual way where they could be reviewed with a quickness. Many tools exist for testing Web-applications to find cross-site scripting bugs. There are browser plugins, Web-scanners, and static code analyzers. We use whatever suits us in a given situation and produces the output we're interested in receiving. We developed x5s for penetration testers and other security-minded persons who already know how to find and exploit an XSS vulnerability. The tool has a slightly different bent than other tools we've used.

It's main goals include:

  • Automate finding the encoding issues that can lead to XSS.
  • Identify where character transformations occur by injecting multibyte characters such as higher Unicode code points and non-shortest form character encodings.
Release License: New BSD
who worked on this release?
Release Leader(s):
how can you learn more?
Release Notes: View
Release Rating: Yellow button.JPG Not Reviewed - Assessment Details
Key Contacts
  • Contact the GPC to report a problem or concern about this release info or to update information.