DOMinatorPro Website

The latest Minded Security Labs project regards DOM XSS vulnerabilities. We have released a tool called DOMinatorPro which helps security testers to analyze and discover DOM Based Cross Site Scripting issues.

It uses dynamic data tainting in order to understand if a DOM XSS is exploitable and uses the browser JavaScript engine for understanding the code. The tool is developed by Stefano Di Paola and was nominated as one of the Top 10 Web Hacking techniques in 2011.

Scanning Automation

DOMinatorPro Enterprise Edition can automatically scan an entire website. This is the fastest way to scan and analyze BIG enterprise portals with rich JavaScript content as a tester would do with his browser. 

Ready Data: Realtime Dynamic Data Tainting

On the contrary to our competitors, DOMinatorPro uses the browser JavaScript engine natively to understand the code. Our Control-Flow engine is so powerful that can inspect almost any obscured code in order to find DOM XSS vulnerabilities.

Automatic Exploitability Check

Data Validation and Context Awareness makes the use of a dynamic runtime tainting model on strings even more powerful since it understands if a DOM XSS vulnerability is actually exploitable.

For more information about DOMinatorPro and its licenses, please visit DominatorPro Website