Testing Your Web Applications for Cross-Site Scripting Vulnerabilities

By now there’s no argument that cross-site scripting attacks are real and potently dangerous. If you know all about XSS and just want to see some testing ideas, just skip straight to the testing section. If this is new to you, please read on! Cross-site scripting attacks occur when a malicious person, the attacker, can force an unknowing user, the victim, to run client-side script of the attacker’s choice. The term cross-site scripting is sort of a misnomer, because it’s not just about scripting and it doesn’t even have to be cross-site. It’s a name that was branded upon its discovery and it has just stuck. We’ll use its common abbreviation “XSS” from now on.

XSS attacks involve three parties:
• The attacker
• The victim
• The vulnerable Web site that the attacker exploits to take action on the victim

Out of the three parties, the victim is the only one who actually runs the attacker’s code. The Web site is merely a vehicle for an attack and is not typically affected. An XSS attack can be carried out in a number of ways. As an example, the attacker sends the victim a maliciously crafted URL through e-mail, IM, or some other medium. When the victim opens the URL in a Web browser, the Web site renders the page and the script is executed on the victim’s computer.