Check a site for XSS


0 like 0 dislike
12 views
Hello!

Tell me, how can you test your websites for XSS vulnerabilities?

For example, to post to the form that something happened.
by | 12 views

5 Answers

0 like 0 dislike
Hire a pentester / hacker with experience to check manually. For more efficiency, you can provide access to the source code.

There are of course automated tools, like Acunetix Web Vulnerability Scanner (is in Milan), but their effectiveness in non-trivial cases is quite questionable.
by
0 like 0 dislike
by
0 like 0 dislike
Usually check with this:

alert('aa');

If your site has many forms, it is best to use a program to search for vulnerabilities. One of the most advanced is considered to be Acunetix Web Security Scanner; you will be able to find it on torrents.
by
0 like 0 dislike
Hi!

The best way to test a website for XSS is to check the source code.
The main cause of XSS is a lack of filtering of user input (&, <, >, ", ')

Most modern ORMs and templating languages escape user data, which should protect from XSS. Unfortunately, developers often turn off these checks by hand.

Learn more about how to protect your code from XSS: https://www.owasp.org/index.php/XSS_(Cross_Site_Sc...

How to bypass filters and to introduce XSS: https://www.owasp.org/index.php/XSS_Filter_Evasion...

By the way, I'm one of the developers of a vulnerability scanner, including for XSS: https://metascan.ru
You can try the scanner, or just ask our guys: support@metascan.ru
by
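
The source-code check recommended in the answer above, as an added example that is not part of the original answer: it escapes the five characters the answer lists and flags template lines where escaping has been switched off by hand. The pattern list, the function names and the sample template are assumptions constructed for illustration.

```python
import html
import re

# Template constructs that bypass output escaping in common engines.
# (Assumed starting list for this example; extend it for your own stack.)
UNESCAPED_PATTERNS = [
    ("autoescape disabled (Jinja2/Django)",
     re.compile(r"\{%-?\s*autoescape\s+(false|off)\b", re.I)),
    ("|safe filter (Jinja2/Django)", re.compile(r"\{\{[^}]*\|\s*safe\b")),
    ("|raw filter (Twig)", re.compile(r"\{\{[^}]*\|\s*raw\b")),
    ("raw echo {!! !!} (Blade)", re.compile(r"\{!!.*?!!\}")),
]

# Constructed sample template, not taken from any real project.
SAMPLE_TEMPLATE = """\
<h1>{{ title }}</h1>
<div>{{ comment.body|safe }}</div>
{% autoescape false %}
  <span>{{ user.bio }}</span>
{% endautoescape %}
<p>{!! $post->html !!}</p>
<p>{{ note|raw }}</p>
"""


def find_unescaped_output(template_text):
    """Return (line_number, label, line) for each construct that disables escaping."""
    findings = []
    for lineno, line in enumerate(template_text.splitlines(), start=1):
        for label, pattern in UNESCAPED_PATTERNS:
            if pattern.search(line):
                findings.append((lineno, label, line.strip()))
    return findings


def render_comment(user_text):
    """Escape &, <, >, " and ' before placing user input into HTML text."""
    return "<p>" + html.escape(user_text, quote=True) + "</p>"


if __name__ == "__main__":
    for lineno, label, line in find_unescaped_output(SAMPLE_TEMPLATE):
        print(f"line {lineno}: {label}: {line}")
    print(render_comment("<b title=\"x\">Tom & 'Jerry'</b>"))
```

Each flagged line is a place to review by hand: confirm the value written there can never contain user input, or restore the engine's default escaping.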
0 like 0 dislike
Thank you all!
by