Finding and Mitigating Cross-Site Scripting Attack Vectors — Testing different Web Application Security Scanners

Rafael Burkhalter. Finding and Mitigating Cross-Site Scripting Attack Vectors — Testing different Web Application Security Scanners. Bachelor’s thesis, University of Bern, April 2021.

Abstract

The purpose of this thesis is to determine the efficacy and usability of different popular security scanners for web applications. The main focus lies on testing their ability to find cross-site scripting vulnerabilities, i.e. vulnerabilities arising when user input isn’t properly sanitized. To analyze the scanners, various criteria are taken into account, mainly completeness of the findings, ease of use and installation effort. The second part gives an overview of how to analyze a scanner’s results and how cross-site scripting attacks can be mitigated.

Posted by scg at 15 June 2021, 3:15 pm
Last changed by admin on 21 April 2009