Well this one really came out of nowhere it seems. I was on this blog post that Microsoft has released a public beta of XSS Detect. It is a stripped down version of their Code Analysis Tool for .net (CAT.net) that focuses solely on detecting XSS (Cross site scripting) vulnerabilities. I downloaded the beta and tried to run it against a web project that I have, but it just keeps crashing with this error…

Not too meaningful. Oh well, I guess I’ll have to wait for the final release to see what this tool can do. What is interesting is that not too long ago Microsoft released a beta of the next version of FX Cop (which is what CAT.net is based off of) and this leaves me wondering if the rules that they are using in the XSS Detect Tool are going to be part of a future version of FX Cop or if these rules are at least written as FX Cop rules so that they can be used in the tool. While these kinds of rules would probably be relied on too heavily by some people they would certainly be a starting point for securing an application.