This post looks at how we can detect cross site scripting vulnerabilities using automated tools. Being the most common vulnerability found in web applications, it is very important to detect and mitigate XSS vulnerabilities early in development cycle. Arming developers with the right tools to develop application security is a big problem in every enterprise. Here at Microsoft, we have developed a static analysis tool specifically aimed at developers to detect cross site scripting. It was released a while ago as Microsoft XSSDetect.