Identifying cross-site scripting (XSS) vulnerabilities

Cross-site scripting (XSS) is one of the most common vulnerabilities in web applications, in fact, it is considered third in the OWASP Top 10 from 2013 (https://www.owasp.org/index.php/Top_10_2013-Top_10).

In this recipe, we will see some key points to identify a cross-site scripting vulnerability in a web application.

How to do it...

  1. Log into DVWA and go to XSS reflected.
  2. The first step in testing for vulnerability is to observe the normal response of the application. Introduce a name in the text box and click on Submit. We will use Bob.
    How to do it...
  3. The application used the name we provided to form a phrase. ...

Get Kali Linux Web Penetration Testing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.