Free Beta Anti-XSS Tool from Microsoft
Not long ago, Microsoft was the chief butt of security jokes in the IT world. It’s safe to say that they no longer wear the crown - in fact they’ve moved to being a company often pointed to as ‘getting it right.’ And that’s coming from someone typing this post from his Ubuntu Linux laptop.
Microsoft has always been very developer focused. One of the most important shifts they’ve made has been to focus their communication on the message that security bugs are just another kind of software defect to be eliminated. I’m especially pleased that they decided to invest effort into combating a classification of bug as serious as XSS, by developing code automation tools. While not quite a replacement for SCA software like Fortify, it does cover one very serious issue using automated techniques.
The Microsoft ACE Team blog just announced a ‘free’ tool (60 day beta) that’s worth checking out if you develop or security .NET web apps.
“XSSDetect runs as a Visual Studio plug-in and can detect potential XSS issues in managed code. ”
If that sounds fresh and exciting to you, visit:
http://blogs.msdn.com/ace_team/archive/2007/10/22/xssdetect-public-beta-now-available.aspx
There have been a string of newer articles posted about this tool in the meanwhile, as well: http://blogs.msdn.com/ace_team/default.aspx
If you enjoyed this post, make sure you subscribe to my RSS feed!
Posted in Information Protection |
Print this post
|
Permalink
Ghillie Suits » Free Beta Anti-XSS Tool from Microsoft said,
October 29, 2007 @ 10:34 am
[...] Check it out! While looking through the blogosphere we stumbled on an interesting post today.Here’s a quick excerptNot long ago, Microsoft was the chief butt of security jokes in the IT world. It s safe to say that they no longer wear the crown - in fact they ve moved to being a company often pointed to as getting it right. And that s coming from someone typing this post from his Ubuntu Linux laptop. Microsoft has always been very developer focused. One of the most important shifts they ve made has been… techniques. The Microsoft ACE Team blog just announced a tool (60 day beta) that s worth checking [...]