I am working on XPath Injection attack, so looking forward to build a tool to detect XPath Injection in a website. Is web crawling and scanning used for this? What can be the logic to detect it?
Are there any open source tools to detect it, so that i can develop it in Java by looking at logic used in that code.