Security tools : Reflector for .NET; Security System Analyzer; Echo Mirage; soapUI

On Aug. 27, WASC released the Script Mapping Project which is intended to be an exhaustive refference on XSS vectors.What I fail to understand is why WASC didn’t include as a starting point RSnake’s excellent XSS Cheat Sheet. It’s not like they would be the first. OWASP already quotes RSnake’s work as a valuable resource.

CORE GRASP for PHP is a web-application protection software aimed at detecting and blocking injection vulnerabilities and privacy violations.The present implementation protects PHP 5.2.3 against SQL-injection attacks for the MySQL engine

SideJacking is about sniffing HTTP traffic and cloning whatever cookies are exchanged between the browser and the server. In this way, the attacker can clone your session IDs and eventualy they can hijack your account.