DOM Snitch XSS Testing Tool by Google

Google has released a Chrome extension that checks client-side code for cross-site scripting weaknesses and other security issues. Called DOM Snitch, the still-experimental extension intercepts JavaScript calls to potentially dangerous functions like document.write, document.cookie, HTMLElement.innerHTML and others. It records a complete stack trace, allowing the user to determine whether the calls can lead to cross-site scripting, mixed content, violations of the same-origin DOM policy and other issues.

"DOM Snitch is intended for use by developers, testers, and security researchers alike," says Radoslav Vasilev, a Google security test engineer.

The benefits of DOM Snitch include the ability to inspect DOM modifications in real time without the need for a debugger, built-in security heuristics and nested views, as well as export capability. The easy exporting of captured DOM modifications enables developers to ask for help from their peers when troubleshooting issues.

DOM Snitch is not the only security tool released by Google for developers. Its open source Skipfish and Ratproxy web application vulnerability scanners are also capable of detecting XSS, XSRF and other flaws.
JavaScript is a critical component in many web attacks, both client-side and server-side. It is used in most drive-by exploits, as well as to obfuscate malicious code on compromised websites. There are several types of cross-site scripting vulnerabilities. Persistent ones are the most dangerous because they can be exploited to insert rogue code into pages permanently. Non-persistent, or reflected, ones can only be exploited by tricking users into opening malformed URLs.
DOM-based XSS flaws like the ones DOM Snitch helps identify are more complicated and can be exploited to load non-HTML code from a server or write code into the page directly on the client side.
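The interception approach described above (wrap a dangerous sink, log the value and the call stack, then let the call proceed) can be sketched as follows. This is an added example, not DOM Snitch's own code: the hook helpers, the substring heuristic and the `Fake*` stand-in objects are assumptions made so the sketch runs outside a browser.

```javascript
// Added illustration, not DOM Snitch source; Fake* objects are constructed stand-ins for Node.
const findings = [];

function record(sink, value, untrusted) {
  const text = String(value);
  // Assumed heuristic: untrusted input of 4+ chars appears verbatim in the sink data.
  const suspicious = untrusted.some(u => u.length >= 4 && text.includes(u));
  // V8 stack format: drop the "Error" line and record()'s own frame.
  const stack = new Error().stack.split('\n').slice(2).join('\n');
  findings.push({ sink, value: text, suspicious, stack });
}

function hookSetter(proto, prop, label, getUntrusted) {
  const desc = Object.getOwnPropertyDescriptor(proto, prop);
  Object.defineProperty(proto, prop, {
    ...desc,
    set(v) {
      record(label, v, getUntrusted());
      return desc.set.call(this, v); // original behaviour is preserved
    },
  });
}

function hookMethod(obj, name, label, getUntrusted) {
  const original = obj[name];
  obj[name] = function (...args) {
    record(label, args.join(''), getUntrusted());
    return original.apply(this, args);
  };
}

class FakeElement {
  get innerHTML() { return this._html || ''; }
  set innerHTML(v) { this._html = String(v); }
}
const fakeDocument = { out: '', write(...s) { this.out += s.join(''); } };
const fakeLocation = { hash: '#<b>probe-1234</b>' }; // constructed test marker
const untrusted = () => [decodeURIComponent(fakeLocation.hash.slice(1))];
hookSetter(FakeElement.prototype, 'innerHTML', 'HTMLElement.innerHTML', untrusted);
hookMethod(fakeDocument, 'write', 'document.write', untrusted);

// Constructed "page script": two static writes and one built from the URL fragment.
function pageCode() {
  findings.length = 0;
  const el = new FakeElement();
  el.innerHTML = '<p>static banner</p>';
  el.innerHTML = '<div>' + untrusted()[0] + '</div>';
  fakeDocument.write('<p>footer</p>');
  return findings;
}
for (const f of pageCode()) console.log(f.sink, f.suspicious, JSON.stringify(f.value));
```

In a browser the same helpers would be pointed at `Element.prototype` and `document` instead of the stand-ins; the recorded stack shows which script line fed URL data into the sink.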


