This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Projects/OWASP X5s Project"

From OWASP
Jump to: navigation, search
(Created page with '{{Template:Project About | project_name = OWASP X5s Project | project_home_page = OWASP Fiddler Addons for Security Testing Project | project_description = Active XSS testing an…')
 
Line 26: Line 26:
 
| presentation_link =
 
| presentation_link =
  
| mailing_list_name =  
+
| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-fast-project
  
 
| project_road_map =  
 
| project_road_map =  

Revision as of 19:18, 29 November 2010

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP X5s Project (home page)
Purpose: Active XSS testing and input/output encoding detection

x5s is a Fiddleraddon which aims to assist penetration testers in finding cross-site scripting vulnerabilities. This is not a point and shoot tool, it requires some understanding of how encoding issues lead to XSS, and it requires manual driving.

It's main goal is to help you identify the hotspots where XSS might occur by:

  • Detecting where safe encodings were not applied to emitted user-inputs
  • Detecting where Unicode character transformations might bypass security filters
  • Detecting where non-shortest UTF-8 encodings might bypass security filters
License: New BSD
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: Not Yet Created
Main links:
Key Contacts
current release
x5s v1.0.1 - 06/05/2010 - (download)
Release description: x5s was first and foremost designed to find encoding and character transformation issues that can lead to XSS vulnerability, and present them in a visual way where they could be reviewed with a quickness. Many tools exist for testing Web-applications to find cross-site scripting bugs. There are browser plugins, Web-scanners, and static code analyzers. We use whatever suits us in a given situation and produces the output we're interested in receiving. We developed x5s for penetration testers and other security-minded persons who already know how to find and exploit an XSS vulnerability. The tool has a slightly different bent than other tools we've used.

It's main goals include:

  • Automate finding the encoding issues that can lead to XSS.
  • Identify where character transformations occur by injecting multibyte characters such as higher Unicode code points and non-shortest form character encodings.
Rating: Yellow button.JPG Not Reviewed - Assessment Details
last reviewed release
Not Yet Reviewed


other releases