Published on February 4th, 2015 📆 | 3961 Views ⚑0
[paper] Comparing DOM based XSS Identification Tools on a Real World Vulnerability
Due to the lack of literature about DOM Based XSS identification tools awareness, we decided to write a paper that took the actual tools that are stated to be able to identify DOM Based XSS and test their capabilities when dealing with a real world DOM XSS issue.
Minded Security has been the first company to launch a commercial tool aimed to identify DOM Based XSS with a runtime approach: DOMinatorPro.
Since then, some tools, open source and commercial, have been developed and awareness on this very topic grew among application security experts.
The following paper will try to give an unbiased study supported by objective facts about precision and accuracy of existing tools that are stated to identify DOM Based XSS vulnerabilities.