** These features are available only on request
Software security testers usually evaluate the risk of security issues by exploiting them. The source history shows not only a simplified list of the function calls, but also the data "string" that is passed through them. The Browser Emulation feature built into DOMinatorPro lets the user find vulnerabilities for any browser, even though DOMinatorPro is built as a Mozilla Firefox component. DOM XSS vulnerabilities are usually browser specific, but now it's possible to understand the impact using just one browser. Vulnerability Analysis gives insight into regular expressions and other types of encoding, such as escape, unescape and so on.
DOMinatorPro helped in understanding the source of the problem of a regression issue found by Mario Heiderich on the official jQuery website: jQuery "Migrate" Plugin.
"jQuery Migrate" is a Sink, too?!
Abyssec found a DOM XSS on Yahoo Mail. He says that DOMinatorPro can find it as well!
DOMSDAY Analyzing a DOM-Based XSS in Yahoo!
Stefano Di Paola finds a DOM Cross Site Scripting on Google Plus One button using DOMinatorPro.
DOM XSS on Google Plus One Button
Read how DOMinatorPro helped in finding a DOM XSS that affected a famous Facebook Like button present on millions of web sites.
Analysis of DOM XSS vulnerability in a Facebook Like Button implementation
At the W3C Conference 2011 they talked about the security of next-generation web applications, about DOM XSS and the need for a tool able to find these kinds of problems. Since 2012 DOMinatorPro has been available, ready to be used and fully automated (Enterprise Version).
With DOMinatorPro we found a DOM XSS on Twitter, but that was not the end. This is the saga of ONE security issue and MANY wrong fixes before getting things working properly.
A Twitter DOM XSS, a wrong fix and something more