Full Disclosure: Re: DOMinator - The DOMXss Analyzer Tool

Re: DOMinator - The DOMXss Analyzer Tool - is finally public

From: IEhrepus <5up3rh3i () gmail com>
Date: Wed, 18 May 2011 20:34:20 -0700

hi

DOMinator can't work on firefox 3.6.17?


hitest


2011/5/18 Stefano Di Paola <wisec () wisec it>

What is DOMinator?
DOMinator is a Firefox based software for analysis and identification of
DOM Based Cross Site Scripting issues (DOMXss).
It is the first runtime tool which can help security testers to identify
DOMXss.

How it works?

It uses dynamic runtime tainting model on strings and can trace back
taint propagation operations in order to understand if a DOMXss
vulnerability is actually exploitable.
...

If you're interested in it continue the reading here:
http://blog.mindedsecurity.com/2011/05/dominator-project.html

More whitepapers in the next days.

Cheers
Stefano



--
...oOOo...oOOo....
Stefano Di Paola
Software & Security Engineer

Owasp Italy R&D Director

Web: www.wisec.it
Twitter: http://twitter.com/WisecWisec
..................



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

DOMinator - The DOMXss Analyzer Tool - is finally public Stefano Di Paola (May 18)
- Re: DOMinator - The DOMXss Analyzer Tool - is finally public IEhrepus (May 19)
  - Re: DOMinator - The DOMXss Analyzer Tool - is finally public Stefano Di Paola (May 19)