Google has just released a Chrome extension that is capable of checking client side code for XSS vulnerability and other JavaScript related security weakness of the web applications. This tool is called DOM Snitch.”DOM Snitch is intended for use by developers, testers, and security researchers alike,” says Radoslav Vasilev, a Google security test engineer.XSS is a harmful web application vulnerability and it is available on most of the popular website. Security researchers are also becoming smarter. So, finding XSS is not easier for them. DOM based XSS is hard to prevent while development. So we need some nice tools that can easily detect DOM based XSS vulnerabilities.
There are many nice tools available. But, we can also give this tool a try.
Here are the benefits of using DOM Snitch:
- Real-time: Developers can observe DOM modifications as they happen inside the browser without the need to step through JavaScript code with a debugger or pause the execution of their application.
- Easy to use: With built-in security heuristics and nested views, both advanced and less experienced developers and testers can quickly spot areas of the application being tested that need more attention.
- Easier collaboration: Enables developers to easily export and share captured DOM modifications while troubleshooting an issue with their peers.
Download it from
https://code.google.com/p/domsnitch/
