XSS
rom2, 2010-11-11 21:54:45

site XSS check

Hello!

Tell me how you can check your sites for XSS vulnerabilities?

For example, post something in the form to make something happen.


6 answer(s)
impass, 2010-11-12
@impass

Hire a pentester/hacker with experience to manually check. For greater efficiency, you can provide access to the source code.
Of course, there are automated tools, such as Acunetix Web Vulnerability Scanner (available in Varese), but their effectiveness in non-banal cases is rather doubtful.

habrrich, 2010-11-13
@habrrich

ha.ckers.org/xss.html

Scat, 2010-11-11
@Scat

Usually they check with this
<script>alert('aa');</script>
If there are a lot of forms on the site, then it's better to use a program for finding vulnerabilities. One of the most advanced is Acunetix Web Security Scanner; you can find it on torrents.

Xrizolin, 2018-07-12
@Xrizolin

Hey!
The best way to check a site for XSS is to check the source code.
The main reason for the appearance of XSS is the lack of filtering of user input for (&, <, >, ", ')
Most modern ORMs and templating engines in languages perform user data escaping, which should protect against XSS. Unfortunately, developers often turn off these checks manually.
More details on how to protect your code from XSS: https://www.owasp.org/index.php/XSS_(Cross_Site_Sc...
How to bypass filters and implement XSS: https://www.owasp.org/index.php/XSS_Filter_Evasion...
By the way, I'm one of the developers of the vulnerability scanner, including XSS - https://metascan.ru
You can try the scanner or just ask our guys. [email protected]
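
Added example, not part of any answer on this page: Xrizolin's answer recommends reviewing the source and notes that developers often switch off the escaping their templating engine performs. The Python script below flags those switch-off points in template source. The pattern list, the function name and the sample files are assumptions constructed for this example and cover only a few common engines.

```python
import re

# Constructs that bypass a template engine's automatic HTML escaping.
# Assumption of this example: a short, non-exhaustive list of common engines.
RAW_OUTPUT_PATTERNS = [
    ("Jinja2/Django |safe filter", re.compile(r"\{\{[^}]*\|\s*safe\b")),
    ("Jinja2/Django autoescape off",
     re.compile(r"\{%-?\s*autoescape\s+(false|off)\b", re.I)),
    ("Django mark_safe()", re.compile(r"\bmark_safe\s*\(")),
    ("Twig |raw filter", re.compile(r"\{\{[^}]*\|\s*raw\b")),
    ("Blade {!! !!}", re.compile(r"\{!!.*?!!\}")),
    ("EJS <%- %>", re.compile(r"<%-")),  # also ERB trim syntax: scope to .ejs
    ("Handlebars/Mustache {{{ }}}", re.compile(r"\{\{\{[^}]*\}\}\}")),
    ("React dangerouslySetInnerHTML", re.compile(r"\bdangerouslySetInnerHTML\b")),
    ("Vue v-html", re.compile(r"\bv-html\s*=")),
]

# Constructed sample project (path -> file content), embedded so this runs offline.
SAMPLE_FILES = {
    "templates/comment.html": (
        "<h2>{{ comment.author }}</h2>\n"
        "<div>{{ comment.body|safe }}</div>\n"
    ),
    "templates/profile.html": (
        "{% autoescape false %}\n"
        "<p>{{ user.bio }}</p>\n"
        "{% endautoescape %}\n"
    ),
    "views/search.ejs": "<p>Results for <%- query %></p>\n",
    "src/Post.jsx": "<div dangerouslySetInnerHTML={{__html: post.html}} />\n",
    "templates/ok.html": "<p>{{ user.name }}</p>\n",
}


def find_raw_output(files):
    """Return (path, line_number, label) for each line that bypasses escaping."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for label, pattern in RAW_OUTPUT_PATTERNS:
                if pattern.search(line):
                    findings.append((path, lineno, label))
    return findings


if __name__ == "__main__":
    for path, lineno, label in find_raw_output(SAMPLE_FILES):
        print(f"{path}:{lineno}: {label}")
```

Each hit is a place where user-controlled data can reach the page without the (&, <, >, ", ') encoding, so it needs a manual look at where the value comes from; a hit is a review item, not proof of a vulnerability.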

rom2, 2010-11-14
@rom2

Thanks to all!

Nikitst, 2017-01-18
@Nikitst
