Google has released a "Firing Range" for assessing various web application scanners, with what looks like a real focus on Cross Site Scripting.   The code was co-developed by Google and Politecnico di Milano

Targets include:

•     Address DOM XSS
•     Redirect XSS
•     Reflected XSS
•     Tag based XSS
•     Escaped XSS
•     Remote inclusion XSS
•     DOM XSS
•     CORS related vulnerabilities
•     Flash Injection
•     Mixed content
•     Reverse ClickJacking

Source code is on github at  https://github.com/google/firing-range

App Engine deploy is at http://public-firing-range.appspot.com/

===============
Rob VandenBrink
Metafore