The best AntiXSS test tool for Firefox?

Anti-XSS Test Tool plan for Firefox

We need to support Firefox only, so I wonder if that limitation helps me to hone my list of options, as I seek an Anti-XSS Test Tool?

I would consider at least:
https://www.owasp.org/index.php/OWASP_XSSER
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework
https://portswigger.net/burp

and review:
https://www.pentestgeek.com/ethical-hacking

plus whatever else you suggest for me to consider. So, I wonder if the fact that our site is limited to Firefox support helps us find a smaller set of AntiXSS test tools from which to choose?

Thanks
newbieweb (Sr. Software Engineer) Asked:

ArneLovius Commented:
Although XSS happens via a browser, the vulnerability is on the server side.

Different tools written by different people can find different vulnerabilities; using a smaller set of test tools has a greater possibility of missing a vulnerability.

Is the website in a managed network where Firefox is the only HTTP/HTTPS client?
0
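
The server-side point in the comment above, as an added example that is not part of the original thread: a check that sends a harmless marker and inspects the raw response for characters echoed back unencoded, with no browser involved. The three handlers, the marker and all function names are constructed for illustration and stand in for the real application.

```python
import html
import re

MARK = "zq7probe"            # constructed marker, unlikely to occur in a real page
SPECIALS = "<>\"'&"          # characters that matter for HTML/attribute contexts
PROBE = MARK + SPECIALS + MARK

# Three constructed server-side handlers standing in for the application.
def handler_unencoded(q):
    return "<p>Results for: " + q + "</p>"

def handler_partial(q):
    # Encodes angle brackets only, then places the value in an attribute.
    q = q.replace("<", "&lt;").replace(">", "&gt;")
    return '<input name="q" value="' + q + '">'

def handler_encoded(q):
    return "<p>Results for: " + html.escape(q, quote=True) + "</p>"

def raw_specials(body):
    """Set of SPECIALS echoed back unencoded, or None if the probe is absent."""
    m = re.search(re.escape(MARK) + "(.*?)" + re.escape(MARK), body, re.S)
    if m is None:
        return None
    # Drop well-formed entity references so the '&' in "&lt;" is not counted.
    echoed = re.sub(r"&(?:[A-Za-z]+|#\d+|#x[0-9A-Fa-f]+);", "", m.group(1))
    return {c for c in SPECIALS if c in echoed}

def verdict(handler):
    raw = raw_specials(handler(PROBE))
    if raw is None:
        return "not reflected"
    if not raw:
        return "reflected, fully encoded"
    return "reflected, unencoded: " + "".join(c for c in SPECIALS if c in raw)

if __name__ == "__main__":
    for h in (handler_unencoded, handler_partial, handler_encoded):
        print(h.__name__, "->", verdict(h))
```

The result depends only on what the server writes into the response, which is why the choice of client does not narrow the set of useful test tools.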

newbieweb (Sr. Software Engineer) Author Commented:
The application is not in a managed network, as far as I know. It is required to use Firefox.
0
btan (Exec Consultant) Commented:
Thought of having a list of plugins to augment as tests
- Tamper Data, Hackbar, Websecurify and XSS Me
http://resources.infosecinstitute.com/use-firefox-browser-as-a-penetration-testing-tool-with-these-add-ons/
They can serve as quick means to test out (Tamper Data) simple test data (Hackbar, XSS Me) and scan for OWASP gaps (Websecurify).
In fact, proxy-based tools like Burp are good ones too and can be used to intercept any browser exchanges (including FF).

Separately, I thought it may be useful to understand the basis for penetration testing execution:

- Pre-engagement Interactions
- Intelligence Gathering
- Threat Modeling
- Vulnerability Analysis
- Exploitation
- Post Exploitation
- Reporting

And some specific questions to scope the test coverage:

Web Application Penetration Test

- How many web applications are being assessed?
- How many login systems are being assessed?
- How many static pages are being assessed? (approximate)
- How many dynamic pages are being assessed? (approximate)
- Will the source code be made readily available?
- Will there be any kind of documentation?
  - If yes, what kind of documentation?
- Will static analysis be performed on this application?
- Does the client want fuzzing performed against this application?
- Does the client want role-based testing performed against this application?
- Does the client want credentialed scans of web applications performed?

Eventually, having some outcome desired to achieve after the exercise:

Good penetration tests do not simply check for un-patched systems. They also test the capabilities of the target organization. To that end, below is a list of things that you can benchmark while testing.

- Ability to detect and respond to information gathering
- Ability to detect and respond to foot printing
- Ability to detect and respond to scanning and vuln analysis
- Ability to detect and respond to infiltration (attacks)
- Ability to detect and respond to data aggregation
- Ability to detect and respond to data ex-filtration

http://www.pentest-standard.org/index.php/Main_Page
0
ArneLovius Commented:
If it is not a managed network, then other browsers might be used, so whether Firefox is the only supported browser is not relevant.
0
newbieweb (Sr. Software Engineer) Author Commented:
Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.