Seeing is believing
When reporting to a customer on the presence of a web application's vulnerabilities, most test reports will show scans that identify just the possibility a vulnerability exists (identification) but also go a step further and actually demonstrate that an exploit of the vulnerability was successful (confirmation). Arachni, ZAP, Burp Suite, and other vulnerability assessment tools can help with the identification effort. Some of these tools can assist with confirmation, but most testers will confirm using independent XSS-focused tools or methods to mimic the behavior of the exploit when employed by hackers. A quick search of your favorite search engine will see that there are some leading candidates, but we'll talk about ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access