alert(/xss/) – How to catch an XSS before someone reports or exploits it?

This paper describes an XSS detection system that finds an XSS bug as soon as someone triggers it somewhere. Similar client-side techniques have been tried in the past and failed miserably. This is a server-side detection system that alerts the security team when a given XSS payload is successfully triggered by anyone, anywhere, even the very first time it fires. That lets the security team fix the issue before anyone even reports the bug to them.
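One way such a server-side detector can be built, shown here as an added example that is not the paper's own system (the paper's actual mechanism is not described on this page): a response filter that raises an alert when a request parameter containing markup-relevant characters is reflected into the HTML body without escaping. The sample request and responses are constructed for the example.

```python
import html
import re
from dataclasses import dataclass
from typing import Dict, List

# Only values carrying these characters or patterns can become markup
# or script if they survive into the HTML response unescaped.
SUSPICIOUS = re.compile(r'[<>"\']|javascript:|\bon\w+\s*=', re.IGNORECASE)


@dataclass
class XssAlert:
    param: str    # request parameter that was reflected
    value: str    # the reflected value, verbatim
    snippet: str  # surrounding response text, for the triage ticket


def find_reflected_xss(params: Dict[str, str], body: str, context: int = 30) -> List[XssAlert]:
    """Return one alert per request parameter that contains markup-relevant
    characters and is echoed into the HTML body unchanged.

    A parameter that comes back HTML-escaped is not reported: that is the
    correct server behaviour and the payload did not fire."""
    alerts: List[XssAlert] = []
    for name, value in params.items():
        if not SUSPICIOUS.search(value):
            continue  # plain text: nothing for a browser to execute
        if html.escape(value, quote=True) in body and value not in body:
            continue  # only an escaped copy is present: safe
        idx = body.find(value)
        if idx == -1:
            continue  # not reflected at all
        snippet = body[max(0, idx - context): idx + len(value) + context]
        alerts.append(XssAlert(name, value, snippet))
    return alerts


# Constructed sample traffic (hypothetical, not captured data).
PARAMS = {"q": "<script>alert(/xss/)</script>", "page": "2"}
VULNERABLE_BODY = "<h1>Results for <script>alert(/xss/)</script></h1>"
SAFE_BODY = "<h1>Results for &lt;script&gt;alert(/xss/)&lt;/script&gt;</h1>"

if __name__ == "__main__":
    # Would be hooked into the response path (middleware/WAF log) to page the team.
    for alert in find_reflected_xss(PARAMS, VULNERABLE_BODY):
        print(f"XSS ALERT: param={alert.param!r} reflected unescaped near {alert.snippet!r}")
    print("safe response alerts:", find_reflected_xss(PARAMS, SAFE_BODY))
```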

Ahamed Nafeez

September 29, 2012