
Veracode Offers Solution To XSS Errors

Veracode : 02 February, 2011  (New Product)
Detection of cross-site scripting flaws now available to secure code developers from Veracode
Cross-site scripting (XSS) errors are responsible for more than half of all web application vulnerabilities. So, in this age of accountability and expectations for secure, high quality software, what’s being done about it?



Veracode has announced a solution to this problem: the Veracode Free XSS Detection Service. Veracode’s new service empowers global developers and security professionals to identify dangerous and costly XSS vulnerabilities quickly and easily, while offering remediation recommendations to produce higher security web applications.



OWASP includes XSS on its list of the Top 10 most dangerous software risks, and despite the high prevalence, Veracode is certain that XSS vulnerabilities can be easily eliminated once detected. Veracode Free XSS Detection Service removes perceived complexity from the detection process, and with access to proper education and training, developers can avoid introducing the flaws into software in the first place. According to OWASP, XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation and escaping. XSS allows attackers to execute scripts in the victim’s browser that can hijack user sessions, deface web sites, or redirect the user to malicious sites.



Here’s how the Veracode Free XSS Detection Service works:



• Sign up for a Free XSS Detection Service account and log in at http://www.veracode.com/freeservice

• Users submit one Java application, free of charge

• The Veracode platform will search for XSS errors and produce a detailed report with location and remediation information

• Participants will also receive complimentary access to Veracode’s dedicated XSS eLearning courses



“At Veracode, we see thousands — sometimes tens of thousands — of XSS vulnerabilities a week. Many are those we describe as ‘trivial’ and can be fixed with a single line of code. Some of our customers upload a new build the following day; others never do. Motivation is clearly a factor,” said Chris Eng, senior director of security research, Veracode. “Think about the XSS vulnerabilities that hit highly visible websites such as Facebook, Twitter, MySpace and others. Sometimes those companies push XSS fixes to production in a matter of hours. Are their developers really that much better? Of course not. The difference is how seriously the business takes it. When they believe it’s important, you can bet it gets fixed.”



Veracode’s patented cloud-based application security verification service enables organizations to quickly and cost-effectively validate the security of internally developed software applications, third-party components and purchased or outsourced software applications. Veracode’s “State of Software Security Report: Volume 2” showed that, with the appropriate knowledge, developers are capable of fixing security issues quickly. In cases where developers chose to remediate flaws and rescan the application, they reached an “acceptable” level of security in an average of 16 days.



“We strongly believe that many XSS errors are straightforward and easy to fix, and that much can be done to greatly reduce their occurrence. Our Free XSS Detection Service is an important step toward demonstrating that reality,” said Matt Moynahan, CEO, Veracode. “Developer and product security teams must accept greater accountability for writing better code. With this new service, there is no excuse. They can quickly and easily test an application in its final state to identify flaws before it’s made available to their partners, customers or introduced into the software supply chain.”
   © 2012 ProSecurityZone.com