Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Google Web "Firing Range" Available

Published: 2014-11-20
Last Updated: 2014-11-20 20:03:08 UTC
by Rob VandenBrink (Version: 1)
0 comment(s)

Google has released a "Firing Range" for assessing various web application scanners, with what looks like a real focus on Cross Site Scripting.   The code was co-developed by Google and Politecnico di Milano

Targets include:

  •     Address DOM XSS
  •     Redirect XSS
  •     Reflected XSS
  •     Tag based XSS
  •     Escaped XSS
  •     Remote inclusion XSS
  •     DOM XSS
  •     CORS related vulnerabilities
  •     Flash Injection
  •     Mixed content
  •     Reverse ClickJacking

Source code is on github at  https://github.com/google/firing-range

App Engine deploy is at http://public-firing-range.appspot.com/

===============
Rob VandenBrink
Metafore

Keywords:
0 comment(s)
Diary Archives