Stuff at OWASP
I’ve been a member of OWASP (the Open Web Application Security Project) for a while now (I suppose you could say I started when they picked up the XSS Cheat Sheet last year, when Andrew van der Stock wrote version 2.0). I’d recommend it as an organization if you happen to live where there is a local chapter that meets regularly. My particular region never meets, but where I moved from used to meet about once a month.
OWASP isn’t just a group of guys sitting around talking about webappsec, which would be cool enough if you ask me. It’s also driving industry initiatives and becoming a body of knowledge that some companies, like VISA, are using as their compliance standards. It’s good to know you are actually making an impact.
Anyway, the official email went out about CAL9000, which I thought I’d restate from Jeff Williams’ post at Security Focus (“RSnake powered” cracked me up). If you haven’t taken a look, try it out. I think of it as a first-generation XSS auditing tool, but it really will pave the way for more tools like it in the future. Ultimately I think this will have to turn into a proxy-like tool, like Burp Proxy or Paros, or even something more automated, but for the time being it’s about the best tool out there. Thanks to OWASP for hosting it, though. Good bunch of guys.