TagEdge

Google Developing Fuzzing Tool

How do you prevent attacks on a Web application? As stated in Google’s online security blog, Google is developing a black-box fuzzing tool called Lemon, a combination of scanning and automated fuzzing, particularly to deal with rising concerns about cross-site scripting (XSS). XSS normally occurs when a Web application accepts scripting commands from the client, as when a user clicks links that contain embedded malicious scripting commands.

Nevertheless, Google’s Lemon will do more than a typical fuzz testing tool: it enumerates a Web application’s URLs and corresponding input parameters, then iteratively supplies fault strings designed to expose XSS and other vulnerabilities to each input, and analyzes the resulting responses, ultimately getting the bugs out of the Web app.
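The enumerate, inject, analyze loop described above can be sketched for testing your own application as follows. This is an added example, not Lemon's code: `demo_app`, `SEED_URLS`, `PROBE` and the function names are all constructed for illustration, and the "application" is an in-process function so the check runs offline.

```python
import html
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Harmless probe: a unique marker wrapped in characters that HTML output must escape.
PROBE = '<x-probe id="fz1">'

def demo_app(url):
    """Constructed stand-in for the application under test (no network)."""
    parts = urlsplit(url)
    q = dict(parse_qsl(parts.query))
    if parts.path == "/search":
        # 'q' is echoed raw (the defect); 'lang' is escaped correctly.
        return "<p>Results for %s</p><i>%s</i>" % (
            q.get("q", ""), html.escape(q.get("lang", "")))
    if parts.path == "/profile":
        return "<h1>%s</h1>" % html.escape(q.get("name", ""))
    return ""

def enumerate_inputs(urls):
    """Yield (url, parameter) for every query parameter found in the URL list."""
    for url in urls:
        for name, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True):
            yield url, name

def inject(url, param, value):
    """Return url with one parameter set to value; the others stay unchanged."""
    parts = urlsplit(url)
    pairs = [(k, value if k == param else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def scan(urls, fetch):
    """Report parameters whose probe comes back unescaped in the response body."""
    findings = []
    for url, param in enumerate_inputs(urls):
        body = fetch(inject(url, param, PROBE))
        if PROBE in body:  # an escaped copy (&lt;x-probe ...) does not match
            findings.append((urlsplit(url).path, param))
    return findings

SEED_URLS = ["/search?q=shoes&lang=en", "/profile?name=alice"]  # constructed

if __name__ == "__main__":
    for path, param in scan(SEED_URLS, demo_app):
        print("unescaped reflection: %s parameter %r" % (path, param))
```

Each finding points at an output path that needs context-appropriate escaping, as the `lang` and `name` parameters already have here.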
