The ACE Team at MS have thrown out a beta of XSSDetect, a static analysis tool plugin for VS2005 to, err, detect XSS vulnerabilities in your code. Interesting stuff; it’s a shame it doesn’t detect as you code or add errors into your compile time; which would better enforce good practice just as FXCop does; indeed the tool is part of a bigger internal suite; XSSDetect is a stripped down version of our enterprise ready Code Analysis Tool for .NET code bases (CAT.NET for short). CAT.NET adds such features as VSTF integration, centralized reporting using web services, customized rulesets...