Based on the OWASP XSS page: Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.
There are three different types of XSS:
- Stored XSS
- Reflected XSS
- DOM XSS
- Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, a search result, a variable in the URI, or any input form or URI parameter into which code can be placed. Example report: https://hackerone.com/reports/292457
- DOM XSS is an attack in which the payload is executed as a result of modifying the DOM "environment" in the victim's browser. Example report: https://hackerone.com/reports/324303
This type of vulnerability is usually well suited to manual research; there are also tools on the net to help, but I recommend searching for it manually.
If you want an enterprise tool for web applications that also integrates with CI/CD, the best solution is also to use
It can be integrated as a discovery system for web applications in the development cycle, so that these problems are not present once the app is in production.