check for XSS site

Question

check for XSS site

5 Answers

rom2 · Answer 1 · 2019-03-23T19:26:54+0000

To hire pentester'a / hacker with experience to check manually. For more efficiency you can provide access to the source code.
\r
There are of course automated tools, like Acunetix Web Vulnerability Scanner (is in Milan), but their effectiveness in non-trivial cases is quite questionable.

habrrich · Answer 2 · 2019-03-23T19:26:54+0000

Usually check this
\r
\ralert('aa');
\r
If your site has many forms, it is best DM to use the program to search for vulnerabilities. One of the most advanced is considered Acunetix Web Security Scanner will be able to find on torrents.

Scat · Answer 3 · 2019-03-23T19:26:54+0000

Hi!

The best way to test the website on XSS is to check the source code.
The main cause of XSS is lack of filtering of user input (&, <, >, ", ')

Most modern ORM, templating languages serve escaping user data that should be protected from XSS. Unfortunately developers often turn off these checks by hand.

Learn more about how to protect your code from XSS: https://www.owasp.org/index.php/XSS_(Cross_Site_Sc...

How to bypass filters and to introduce XSS: https://www.owasp.org/index.php/XSS_Filter_Evasion...

By the way, I'm one of the developers of scanner vulnerabilities, including XSS https://metascan.ru
Can try scanner, or just ask our children. support@metascan.ru

check for XSS site

Please log in or register to add a comment.

Please log in or register to answer this question.

5 Answers

Please log in or register to add a comment.

Please log in or register to add a comment.

Please log in or register to add a comment.

Please log in or register to add a comment.

Please log in or register to add a comment.

Related questions

Most popular tags