Blue Closure

Blue Closure Website

The latest Minded Security Labs project regards JavaScript Security. We have released a tool called Blue Closure which helps security testers to analyze and discover Client Side security issues.

It uses dynamic data tainting in order to understand if a DOM XSS is exploitable and uses the browser JavaScript engine for understanding the code. The core of the tool is developed by Stefano Di Paola and was nominated as one of the Top 10 Web Hacking techniques in 2011.

Ready Data: Realtime Dynamic Data Tainting

On the contrary to our competitors, Blue Closure uses the browser JavaScript engine natively to understand the code. Our Control-Flow engine is so powerful that can inspect almost any obscured code in order to find DOM XSS vulnerabilities.

Automatic Exploitability Check

Data Validation and Context Awareness makes the use of a dynamic runtime tainting model on strings even more powerful since it understands if a DOM XSS vulnerability is actually exploitable.

For more information about Blue Closure and its licenses, please visit Blue Closure Website