Recently I was attempting to verify some web application security issues reported by one of our vendors. Their report was fairly useless, since it complained about a couple of pages, but gave no information about how to duplicate the results. After manually trying to reproduce the flaw for a while, I threw in the towel and started hunting around for a free XSS scanner.
I ran into a tool called SpringenWerk and decided to play around with it. It only took a couple of minutes to set up. I did some quick reading on how to use the tool and fired it off at the suspect page. The script ran for a little while and then exited out. Final score? Two XSS vulnerabilities, neither of which were found by the previously mentioned vendor. So I got curious and fired the script off at an HTTPS URL to see how it handled SSL. No problems at all. It negotiated the connection and did its testing from there. A very nice tool, and it was useful for me when I was stuck. You can take a look at it at http://springenwerk.org/.
I never did find the issues the vendor reported and they said it was probably a false positive. Maybe, maybe not. I asked for the actual attack strings that they used, but so far they have not been able to produce them. Suspect...