Auditing Strategies

Learn how XSS vulnerabilities are discovered and what approaches are used to classify them.

Overview

As already established, sniffing out vulnerabilities is an essential skill for a pentester. Finding XSS vulnerabilities requires both manual testing and scans with powerful automated tools, such as Burp Suite.

The process begins with automated tools; basic XSS vulnerabilities are quickly spotted. Then manual testing is done to catch more advanced XSS attack vectors. For manual testing, any forms, fields, and editable URLs are all noted, the related source code (if available or unobfuscated) is analyzed, and then special input is crafted for the attack. Trial and error may also be employed, but that will take up a lot of time.

Note: The techniques and approaches discussed in this lesson can be applicable to other types of vulnerabilities as well.

Get hands-on with 1400+ tech skills courses.