lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 18 May 2011 19:12:58 +0200
From: Stefano Di Paola <stefano.dipaola@...ec.it>
To: Owasp webappsec <webappsec@...ts.owasp.org>
Cc: WascSf <webappsec@...urityfocus.com>,
	Wasc <websecurity@...appsec.org>, Btq <bugtraq@...urityfocus.com>
Subject: DOMinator - The DOMXss Analyzer Tool - is finally public

What is DOMinator?
DOMinator is a Firefox based software for analysis and identification of
DOM Based Cross Site Scripting issues (DOMXss).
It is the first runtime tool which can help security testers to identify
DOMXss.

How it works?

It uses dynamic runtime tainting model on strings and can trace back
taint propagation operations in order to understand if a DOMXss
vulnerability is actually exploitable.
...

If you're interested in it continue the reading here:
http://blog.mindedsecurity.com/2011/05/dominator-project.html 

More whitepapers in the next days.

Cheers 
Stefano



-- 
...oOOo...oOOo....
Stefano Di Paola
Software & Security Engineer

Owasp Italy R&D Director

Web: www.wisec.it
Twitter: http://twitter.com/WisecWisec
..................

Powered by blists - more mailing lists