Software Development security is an important domain on the exam. Lack of knowledge and involvement of Security in the SDLC is one of the main cause of the issues we have today with enterprise software. Look at this great article from Jeff William telling you HOW to do it properly and giving you great link to learn more.

Xenotix provides Zero False Positive XSS Detection by performing the Scan within the browser engines where in real world, payloads get reflected. Xenotix Scanner Module is incorporated with 3 intelligent fuzzers to reduce the scan time and produce better results. If you really don't like the tool logic, then leverage the power of Xenotix API to make the tool work like you wanted it to be.