We're very excited here at Veracode to announce the availability of our new FREE service to detect cross-site scripting (XSS) in your web application. This is a significant milestone for our company and for the security industry, and we encourage everyone from small ISVs to major enterprises to give us a try. Hopefully this will be one of the first steps in the long road to eliminating XSS; after all, one of the first steps to recovery is admitting you have a problem!

Questions? Comment on this blog post, or try @veracode, @chriseng, or @weldpond on Twitter.

Veracode Security Solutions


Security Alternatives


Security Threat Guides

About Chris Eng

Chris Eng, vice president of research, is responsible for integrating security expertise into Veracode’s technology. In addition to helping define and prioritize the security feature set of the Veracode service, he consults frequently with customers to discuss and advance their application security initiatives. With over 15 years of experience in application security, Chris brings a wealth of practical expertise to Veracode.

Comments (2)

r | February 2, 2011 4:12 pm

Are you going to be keeping statistics? It would be interesting to see the number of XSS issues in X amount of source code. I'm curious to see what the ratio is for project files to number of cross-sites found.

Good luck! I still think this (XSS issues) falls back onto the developer for writing crappy code to begin with. ;)

CEng | February 2, 2011 6:30 pm

@r: We keep stats for the main (commercial) service, which is what we use for our semi-annual State of Software Security reports. Maybe we'll do something similar with the free service, not sure yet. Could be interesting.

Please Post Your Comments & Reviews

Your email address will not be published. Required fields are marked *

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.