Lowter

Ethan wrote:

I've yet to hear of this until now.  I'm also confused as to what this is actually checking?

Scanning your applications for security issues inside your web applications. Without a fuss.

Hmm.  I have one issue here.  I would not trust anyone with the ability to check my sites like this.  Since it is all done via proxy, they probably keep logs of this.  Then if someone happens to get their hands on this, it would be bad news.

It looks nice, but I just don't like the fact it is done via proxy.

Ethan wrote:

Hmm.  I have one issue here.  I would not trust anyone with the ability to check my sites like this.  Since it is all done via proxy, they probably keep logs of this.  Then if someone happens to get their hands on this, it would be bad news.

It looks nice, but I just don't like the fact it is done via proxy.

That's a good point to consider.

As vigilant as that site would be to protect themselves ... how much do you trust their efforts?

Enough or not enough?

Still, would be nice to run it once ....

For sure, for sure and since this is the into the guts of your website it could get messy were that ever to happen.

So instead - addslashes!

The information I wouldn't want leaked is that my website is vulnerable to XSS or something before I get a chance to fix it.

Nope.  I've done some testing on that to be sure.

But see, then the whole development process is a lot more complex.  It's easy enough to test for these vulnerabilities yourself, and get it fixed before it's uploaded anywhere online or seen by anything.

Could you imagine Google scanning pages for this?