We test for XSS vulnerabilities by checking whether the input data a user sends to your web server through a registration form, contact form, search form or submission request is properly encoded, so that your web application cannot be misused.
If there is any XSS vulnerability on your site, it can be exploited to target your web application's users. An attacker can inject JavaScript code that steals your users' session credentials, records their keystrokes, or captures their login credentials before they are submitted to the application.
An attacker can also abuse this vulnerability by packing the URL of your vulnerable web page and their JavaScript code into a single shortened link. They can then use this link to exploit other users.
Reflected XSS
Stored XSS
DOM based XSS
We first manually identify each point of the web application that accepts user input, including HTTP GET and POST requests.
Then we test these points for potential XSS vulnerabilities by identifying any special characters that are left unfiltered, and determine whether the injection vulnerability is reflected, stored or DOM based.
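The check described above, deciding which special characters come back unfiltered at an input point, can be sketched as follows. This is an added example, not code from the service described here; the marker string, function names and sample response bodies are constructed for illustration.

```python
import html
import re

PROBE_CHARS = ["<", ">", '"', "'", "&"]   # characters HTML output encoding must neutralise
MARKER = "zqx7probe"                      # constructed marker, unlikely to occur in a page

# An HTML entity (named, decimal or hex), otherwise any single character.
TOKEN = re.compile(r"&(?:#\d+|#[xX][0-9a-fA-F]+|[A-Za-z]+);|.", re.S)

def build_probe(marker=MARKER):
    """Harmless test value: the special characters wrapped in a marker."""
    return marker + "".join(PROBE_CHARS) + marker

def classify_reflection(body, marker=MARKER):
    """Map each probe character to 'raw', 'encoded' or 'stripped' as it
    appears in the response body; None if the probe is not reflected."""
    m = re.search(re.escape(marker) + "(.*?)" + re.escape(marker), body, re.S)
    if m is None:
        return None
    verdict = {c: "stripped" for c in PROBE_CHARS}
    for tok in TOKEN.findall(m.group(1)):
        if tok in verdict:
            verdict[tok] = "raw"                      # came back unfiltered
        elif len(tok) > 1:
            decoded = html.unescape(tok)
            if decoded in verdict and verdict[decoded] != "raw":
                verdict[decoded] = "encoded"          # neutralised as an entity
    return verdict

# Constructed response bodies standing in for three input points.
RAW_PAGE = "<p>Results for " + build_probe() + "</p>"
ENCODED_PAGE = "<p>Results for " + html.escape(build_probe(), quote=True) + "</p>"
# A filter that encodes only angle brackets, reflected inside an attribute value.
PARTIAL_PAGE = ('<input name="q" value="'
                + build_probe().replace("<", "&lt;").replace(">", "&gt;") + '">')

if __name__ == "__main__":
    for name, page in [("raw", RAW_PAGE), ("encoded", ENCODED_PAGE),
                       ("partial", PARTIAL_PAGE)]:
        print(name, classify_reflection(page))
```

The partial case is the one to look for in a report: angle brackets are encoded, but the quotes come back raw inside an attribute value, so the encoding does not fit the context where the value is written.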
The time required depends mostly on how soon we are able to identify all the input points and start testing with payloads. Once we identify a vulnerability, we then need time to put together a report for your understanding.
The report will include all the detected input vectors, how they were tested, and a detailed analysis of all the XSS weaknesses found.
Based on the findings of our extensive tests, the report will provide recommendations on how to fix the XSS security vulnerabilities.