Recently, Qualys extended the cross-site scripting (XSS) detection capabilities of Qualys Web Application Scanning (WAS) by adding a new mechanism for detecting DOM-based XSS (DOM XSS) vulnerabilities. The new mechanism works in an automated manner with no special setup or knowledge requirements, enabling security teams to greatly reduce the risk from these typically hard-to-detect vulnerabilities. Because of the technique Qualys WAS uses, it also indicates the location in your code of any XSS bugs found, which is pretty convenient for your development teams.
The conference is organized by OWASP, a nonprofit with 200 chapters in 100 countries whose mission is to “make software security visible.” OWASP, which stands for Open Web Application Security Project, seeks to help individuals and organizations worldwide make informed decisions about software security risks.
The recent Global OWASP AppSec conference, held the week of November 18 – 22 at the Marriott Marquis in New York City, was a great way to learn more about the latest trends in application security and exchange ideas with other application security professionals. The conference included updates on many of the OWASP projects as well as some interesting presentations, such as:
- OWASP Zed Attack Proxy – Simon Bennetts
- Hack.me: a new way to learn web application security – Armando Romeo
- The Perilous Future of Browser Security – RSnake