You can now find Cyber Kendra on Google News | Telegram

Firing Range: Google Open Source Tool for Testing Web App Security Scanners

Firing Range, Google Open Source Tool for Testing Web App Security Scanners , online security scanners, information security experts, Tool for Testing Web App Security Scanners , web app scanners, XSS bugs by hand, vulnerability scanners tools, scan for security vulnerability, hacking tools for web application, security testing, secure email service provider, Google Firing Range, all about Firing Range, hacking google web applications.
Security is the one of the most important factor of every business, as it is offline or online. Search giants Google also gives prior importance to its users security and privacy, and earlier also Google had helped online users in many ways via implementing higher security features on its products or by other means.

In this response Google security team had once again came forward in the security concerns. Today Google released a open source tool called "Firing Range", which is specially designed for testing the Web application security scanners. The tool is featured with the variety of cross-site scripting (XSS) and other vulnerabilities on a massive scale.

Google Security Engineer Claudio Criscione, explained about the Firing Range on the blog post. He mentioned that about 70 per cent of the bugs in Google’s Vulnerability Reward Program are cross-site scripting flaws. In a talk at the Google Test Automation Conference (GTAC) last year, Criscione explained that uncovering XSS bugs by hand “at Google scale” is like drinking the ocean.

Google had its own internal XSS scanners known as “Inquisition”. It was built entirely on Google Chrome and Cloud Platform technologies, with support for the latest HTML5 features. However, while working with and on Inquisition, Google researchers came to realize they needed a testbed with which analyze current and future scanning capabilities.

What is Firing Range ?
Firing Range is a Java application built on Google App Engine and contains a wide range of XSS and, to a lesser degree, other web vulnerabilities. Code is available on, while a deployed version is at
Our testbed doesn’t try to emulate a real application, nor exercise the crawling capabilities of a scanner: it’s a collection of unique bug patterns drawn from vulnerabilities that we have seen in the wild, aimed at verifying the detection capabilities of security tools - Criscione worte.
“We have used Firing Range both as a continuous testing aid and as a driver for our development, defining as many bug types as possible, including some that we cannot detect (yet!).” - he added.

You can find the code of the Firing Range on Github and deployed version is at appspot

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.