In response, Google's security team has once again come forward on security concerns. Today Google released an open source tool called "Firing Range", which is designed specifically for testing web application security scanners. The tool features a wide variety of cross-site scripting (XSS) and other vulnerabilities on a massive scale.
Google had its own internal XSS scanner, known as “Inquisition”. It was built entirely on Google Chrome and Cloud Platform technologies, with support for the latest HTML5 features. However, while working with and on Inquisition, Google researchers came to realize they needed a testbed with which to analyze current and future scanning capabilities.
What is Firing Range?
Firing Range is a Java application built on Google App Engine and contains a wide range of XSS and, to a lesser degree, other web vulnerabilities. Code is available on github.com/google/firing-range, while a deployed version is at public-firing-range.appspot.com.
“Our testbed doesn’t try to emulate a real application, nor exercise the crawling capabilities of a scanner: it’s a collection of unique bug patterns drawn from vulnerabilities that we have seen in the wild, aimed at verifying the detection capabilities of security tools,” Criscione wrote. “We have used Firing Range both as a continuous testing aid and as a driver for our development, defining as many bug types as possible, including some that we cannot detect (yet!),” he added.