Tuesday, March 25, 2008

Check Whether Your Website IS XSS Vulnerable?

Free Cross Site Scripting Security Scanner

Acunetix, last year in November, launched a Free edition of its popular web vulnerability scanner, which allows companies to check for cross site scripting vulnerabilities in their websites at no charge. The Free Edition of Acunetix Web Vulnerability Scanner (WVS) is available here.

What is Cross Site Scripting?

Cross Site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually formatted as a hyperlink containing malicious content and which is distributed over any possible means on the internet. Cross site scripting vulnerabilities are extremely dangerous and the number of the attacks is on the rise. More information about Cross Site Scripting can be found at here.

In a study conducted by Acunetix, 42% of the websites scanned with Acunetix WVS were found to be vulnerable to Cross Site Scripting.

“Companies don’t realize the danger their web sites are under and are therefore reluctant to invest in web vulnerability scanners. Consequently, security officers don’t have the tools to protect their websites. The free XSS scanner will give security officers access to a professional cross site scanning tool, that will allow them to assess their web sites for the cross site scripting danger,” said Jonathan Spiteri, Technical Manager of Acunetix.

Scanning for XSS vulnerabilities with Acunetix WVS Free Edition


To check whether your website has cross site scripting vulnerabilities, download the free edition from here. This version will scan any website / web application for XSS vulnerabilities and it will also reveal all the essential information related to it, such as the vulnerability location and remediation techniques. Scanning for XSS is normally a quick exercise (depending on the size of the web-site). A detailed guide how to scan for cross site scripting vulnerabilities can be found here.

The Free Edition also allows you to sample what other threats Acunetix WVS can find by allowing you to scan the Acunetix test sites for vulnerabilities.

14 comments:

Quyen said...

Gorgeous!

Anonymous said...

I was recommended this blog by my cousin. I'm not sure whether this post
is written by him as nobody else know such detailed
about my difficulty. You are wonderful! Thanks!


Feel free to visit my weblog damp proofing north east

Anonymous said...

Awesome blog! Is your theme custom made or did you download it from somewhere?
A design like yours with a few simple tweeks would really make my blog jump out.
Please let me know where you got your design. Kudos

Here is my blog post :: candle holders

Anonymous said...

Hi there, I think your web site might be having web browser
compatibility issues. When I look at your web site in Safari, it
looks fine but when opening in I.E., it's got some overlapping issues.
I simply wanted to give you a quick heads up! Aside from that,
wonderful website!

Review my weblog: pakistani phone calls

Anonymous said...

Thanks for finally writing about > "Check Whether Your Website IS XSS Vulnerable?" < Loved it!

Look into my website best Blackberry phones []

Anonymous said...

Quality articles is the crucial to invite the visitors to visit the web
page, that's what this web page is providing.

Also visit my web-site ... Smartphone Checker UK

Anonymous said...

Nice blog here! Also your site loads up very fast!
What host are you using? Can I get your affiliate link to your host?
I wish my web site loaded up as fast as yours lol

Feel free to visit my site :: skinny chinos

Anonymous said...

If you want to obtain a good deal from this paragraph then you have
to apply these strategies to your won web site.


my web page ... best smartphone checker

Anonymous said...

Wow, that's what I was looking for, what a information!

existing here at this weblog, thanks admin of this website.


Feel free to surf to my web-site ... Cheap Calls to South Africa with Dial123.co.uk

Anonymous said...

Excellent post. I will be dealing with a few of these issues as
well..

Also visit my web blog ... designer vases

Anonymous said...

Greetings from Colorado! I'm bored to death at work so I decided to browse your site on my iphone during lunch break.
I really like the information you present here and can't wait to take a look when I get
home. I'm surprised at how quick your blog loaded on my mobile ..
I'm not even using WIFI, just 3G .. Anyways, great
site!

Also visit my blog post; all doro phones

Anonymous said...

Whats up this is somewhat of off topic but I was wanting to know
if blogs use WYSIWYG editors or if you have to manually code with HTML.
I'm starting a blog soon but have no coding knowledge so I wanted to get guidance from someone with experience.
Any help would be greatly appreciated!

my website :: vegetarian recipes

Anonymous said...

I'm gone to say to my little brother, that he should also
pay a quick visit this weblog on regular basis to obtain updated from hottest gossip.


Here is my site: online Excel training courses

Anonymous said...

Thanks , I have recently been looking for information approximately this topic for a long time and
yours is the greatest I have discovered so far. But, what concerning the bottom line?
Are you sure in regards to the supply?

my web site - Cheap Calls to South Africa with Dial123.co.uk