Veracode is offering corporate developers an opportunity to have any single Java application tested through their online code review service for cross-site scripting (XSS) errors free of charge. I like free, and this could illuminate common errors in your codebase.
XSS vulnerabilities are one of the most common security problems on the web, despite being fairly easy to find and fix (for a developer). They can allow attackers to inject untrusted data to hijack web pages, by-passing many access controls.
You are limited to one app, and it must be Java-based, but hey, it’s FREE! Interested in trying out their offer? Visit the Free XSS Detection Service website, submit a single Java app, and wait for your location report and remediation advice. They won’t fix the flaw for you, but will provide some idea of the severity of the vulnerability and recommended changes.