Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Veracode Offers Solution To XSS Errors

Veracode : 02 February, 2011  (New Product)
Detection of Cross-site scripting flaws now available to secure code developers from Veracode
Cross-site scripting (XSS) errors are responsible for more than half of all web application vulnerabilities. So, in this age of accountability and expectations for secure, high quality software, what’s being done about it?

Veracode has announced a solution to this problem: the Veracode Free XSS Detection Service. Veracode’s new service empowers global developers and security professionals to identify dangerous and costly XSS vulnerabilities quickly and easily, while offering remediation recommendations to produce higher security web applications.

OWASP includes XSS on its list of the Top 10 most dangerous software risks, and despite the high prevalence, Veracode is certain that XSS vulnerabilities can be easily eliminated once detected. Veracode Free XSS Detection Service removes perceived complexity from the detection process, and with access to proper education and training, developers can avoid introducing the flaws into software in the first place. According to OWASP, XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation and escaping. XSS allows attackers to execute scripts in the victim’s browser that can hijack user sessions, deface web sites, or redirect the user to malicious sites.

Here’s how the Veracode Free XSS Detection Service works:

• Sign up for a Free XSS Detection Service account and login at

• Users submit one Java application, free of charge

• The Veracode platform will search for XSS errors and produce a detailed report with location and remediation information

• Participants will also receive complimentary access to Veracode’s dedicated XSS eLearning courses

“At Veracode, we see thousands — sometimes tens of thousands — of XSS vulnerabilities a week. Many are those we describe as ’trivial’ and can be fixed with a single line of code. Some of our customers upload a new build the following day; others never do. Motivation is clearly a factor,” said Chris Eng, senior director of security research, Veracode. “Think about the XSS vulnerabilities that hit highly visible websites such as Facebook, Twitter, MySpace and others. Sometimes those companies push XSS fixes to production in a matter of hours. Are their developers really that much better? Of course not. The difference is how seriously the business takes it. When they believe it’s important, you can bet it gets fixed.”

Veracode’s patented cloud-based application security verification service enables organizations to quickly and cost-effectively validate the security of internally developed software applications, third-party components and purchased or outsourced software applications. Veracode’s “State of Software Security Report: Volume 2”showed that, with the appropriate knowledge, developers are capable of fixing security issues quickly. In cases where developers chose to remediate flaws and rescan the application, they reached an “acceptable” level of security in an average of 16 days.

“We strongly believe that many XSS errors are straightforward and easy to fix, and that much can be done to greatly reduce their occurrence. Our Free XSS Detection Service is an important step toward demonstrating that reality,” said Matt Moynahan, CEO, Veracode. “Developer and product security teams must accept greater accountability for writing better code. With this new service, there is no excuse. They can quickly and easily test an application in its final state to identify flaws before it’s made available to their partners, customers or introduced into the software supply chain.”
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo