We test the XSS vulnerabilities by identifying if the input data that a user sends to your web server through registration form, contact form, search form or submission request is properly encoded in order to prevent your web application from being misused.
DOM based XSS
We first manually identify each point of web application that accepts user input, this includes HTTP GET and POST requests.
Than we test for potential XSS vulnerabilities on these points by identifying any special characters that were unﬁltered and determine if the injection vulnerability is reflected, stored or DOM based.
It depends mostly on how soon we are able to identify all the input points to start testing with payloads. Once we identify the vulnerability than we require time to put together a report for your understand.
Report will include all the detected input vector and their testing and detailed analysis of all the XSS weaknesses found.
Based on our finding through our extensive tests we will provide recommendations in the report on how to fix the XSS security vulnerabilities.