[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] How to detect XSS in an automated fashion

From: "Travis Altman" <travisaltman@xxxxxxxxx>
Subject: [WEB SECURITY] How to detect XSS in an automated fashion
Date: Wed, 29 Aug 2007 14:22:22 -0400

------=_Part_1675_3150956.1188411742491
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

I am trying to run through a dictionary of XSS attacks (aka fuzzing) on a
web application.  What is the best way to determine, in an automated
fashion, if each attack was successful?  Would I simply review the source
code of the response to see if my attack was encoded or filtered?

http://travisaltman.com

------=_Part_1675_3150956.1188411742491
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

I am trying to run through a dictionary of XSS attacks (aka fuzzing) on a web application.&nbsp; What is the best way to determine, in an automated fashion, if each attack was successful?&nbsp; Would I simply review the source code of the response to see if my attack was encoded or filtered?
<br><br><a href="http://travisaltman.com";>http://travisaltman.com</a><br>

------=_Part_1675_3150956.1188411742491--

Prev by Date: Re: [WEB SECURITY] firefox3 vuln by design?
Next by Date: Re: [WEB SECURITY] Why JSON/JavaScript hijacking only works on Mozilla
Previous by thread: [WEB SECURITY] 24th Chaos Communication Congress 2007: Call for Participation
Next by thread: Re: [WEB SECURITY] How to detect XSS in an automated fashion
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site