Enterprise IT Watch Blog

Feb 1 2011   7:26AM GMT

Veracode offers free Cross-site scripting (XSS) check tool

Melanie Yarbrough Profile: MelanieYarbrough

Application security company Veracode is demonstrating to developers how easy it is to test for and identify vulnerabilities in their applications by granting free access to one of its services. Veracode’s offerings include automated binary analysis in the cloud, and as of today developers can register to upload one application to the cloud and test it for cross-site scripting (XSS) vulnerabilities at no cost. XSS, a common attack in which an attacker embeds malicious script in a link so that it executes in the victim’s browser when the link is clicked, is a long-standing problem in application development and has been responsible for major security breaches.

Veracode hopes to demonstrate how avoidable XSS vulnerabilities are while highlighting its application security testing offerings, which it says serve both SMBs and large organizations. Most development oversights are minor but can have major repercussions, which is why Veracode is doing its part to aid in the “long road to eliminating XSS.” In a recent blog post, Veracode application security researcher Chris Eng likens fixing XSS vulnerabilities to squashing ants, but a problem is not minor just because its fix can be:

At Veracode, we see thousands — sometimes tens of thousands — of XSS vulnerabilities a week. Many are of the previously described trivial variety that can be fixed with a single line of code. Some of our customers upload a new build the following day; others never do. Motivation is clearly a factor. Think about the XSS vulnerabilities that hit highly visible websites such as Facebook, Twitter, MySpace, and others. Sometimes those companies push XSS fixes to production in a matter of hours! Are their developers really that much better? Of course not. The difference is how seriously the business takes it. When they believe it’s important, you can bet it gets fixed.
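To make concrete what the post means by an XSS bug that is “fixed with a single line of code,” here is an added example (not Veracode’s code, nor code from Chris Eng’s post). It models the link-based attack described above: a query parameter is reflected into an HTML page unencoded, and the fix is to HTML-encode the untrusted value for the context it lands in. The query string, the handler names and the helper functions are all constructed for this illustration; `html.escape` and `urllib.parse.parse_qs` are from the Python standard library.

```python
"""Added example: a reflected-XSS sink and its one-line fix (not the page's or Veracode's code)."""
import html
from urllib.parse import parse_qs

# Constructed sample query string, as a browser would send it after a user
# clicked a crafted link such as /greet?name=<script>alert(1)</script>
SAMPLE_QUERY = "name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E"


def parse_name(query_string: str) -> str:
    """Extract the `name` parameter from a query string (constructed helper)."""
    params = parse_qs(query_string, keep_blank_values=True)
    return params.get("name", [""])[0]


def render_vulnerable(name: str) -> str:
    """Echoes the parameter straight into the page body: a reflected XSS sink.

    Whatever markup the link carried is returned to the browser as live HTML.
    """
    return f"<p>Hello, {name}!</p>"


def render_fixed(name: str) -> str:
    """The single-line fix for the element-body context: HTML-encode the value.

    html.escape turns <, >, & (and, with quote=True, " and ') into entities,
    so the browser renders the text instead of executing it.
    """
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def render_attribute_fixed(name: str) -> str:
    """Attribute context needs the quotes encoded too, which quote=True does."""
    return f'<input type="text" value="{html.escape(name, quote=True)}">'


def reflected_unencoded(rendered: str, untrusted: str) -> bool:
    """Defender-side check used in tests: did the raw input survive into the output?"""
    return untrusted in rendered


if __name__ == "__main__":
    name = parse_name(SAMPLE_QUERY)
    print("vulnerable:", render_vulnerable(name))
    print("fixed:     ", render_fixed(name))
    print("attribute: ", render_attribute_fixed('Bob "Bobby" Tables'))
```

The point of keeping two renderers side by side is that the only difference is the encoding call; the rest of the handler is unchanged. Note that the correct encoding depends on where the value lands (element body, attribute, URL, JavaScript), so a single `escape` is the fix for the two contexts shown here, not a universal one.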

In a climate that’s teeming with new security threats every hour, a company’s security priority list can be the difference between a close call and a major setback. Proactivity is key. There’s no such thing as a free lunch, but when a company is offering free security testing, it makes reprioritizing not only appealing but affordable. What does your company have at the top of its security priority list this year? Do you anticipate taking application security testing in the cloud for a spin? Let us know in the comments or send me an email at Melanie@ITKnowledgeExchange.com.

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.

2 Comments on this Post

  • Ex-Salesforce.com exec simplifies cloud security with Okta - Enterprise IT Watch Blog
    [...] threats that can cause major disruption - such as cross-site scripting, request forging, and SQL injections - are automatically prevented in Okta’s architecture. [...]
  • Maybe the cloud is more secure - Enterprise IT Watch Blog
    [...] all the cloud concern justified? Today’s guest post comes from David Strom, and he argues that while it isn’t [...]
