Google has released a Firing Range for assessing various web application scanners, with what looks like a real focus on Cross Site Scripting.
Targets include:
- Address DOM XSS
- Redirect XSS
- Reflected XSS
- Tag based XSS
- Escaped XSS
- Remote inclusion XSS
- DOM XSS
- CORS related vulnerabilities
- Flash Injection
- Mixed content
- Reverse ClickJacking
Source code is on github at https://github.com/google/firing-range
App Engine deploy is at http://public-firing-range.appspot.com/
===============
Rob VandenBrink
Metafore
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
