This chapter contributed by Amit Sethi
There are two ways of constructing a software design: one way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult.
By now we have shown you many different techniques for testing web applications and their logic. The tests have ranged in difficulty, but we have tried to keep each one focused on a specific part of the web application. We may have targeted input handling, session management, or data encoding, but each test tried to isolate one behavior. In this chapter, we try to put more than one technique together to simulate sophisticated attacks. We still try to be specific and pinpoint faulty logic in the application, but we’re using several techniques at the same time. The recipes in this chapter borrow heavily from prior chapters and assume that you’ve understood and executed the prerequisite recipes before you try these.
Several recipes in this book discuss how to search for XSS issues. However, XSS may seem like a mysterious attack when given the standard detection mechanism of inserting an alert box into a web page. When you find XSS in an application, you may be called upon to demonstrate why it is really a problem. After all, simply showing that you can type <script>alert("XSS!")</script> into a search box and have ...