Is your application vulnerable to Cross Site Scripting (XSS)?

March 18th, 2008

Well.. One of the security tests you need to run against your web application is to verify that it is free of cross-site scripting vulnerabilities.

Read more about cross-site scripting (XSS) at http://en.wikipedia.org/wiki/Cross_site_scripting

Here is a simple test to verify whether your web form is vulnerable to XSS.

Just type in

<script>alert("Testing for XSS….. And this form is vulnerable to XSS");</script>

Submit the form. If you then see a JavaScript alert saying “Testing for XSS….. And this form is vulnerable to XSS”, your web form is not secure against XSS attacks!
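Why the alert fires and what stops it, as an added example that is not part of the original post: the submitted value is written into the page without HTML encoding, and encoding it at output time makes the browser display it as text. The function names (escapeHtml, renderUnsafe, renderSafe, reflectsVerbatim) and the comment markup are assumptions made for illustration.

```javascript
// Added example; all function names and the page markup are hypothetical.
// The test string from the post, used here as a probe.
const PROBE = '<script>alert("Testing for XSS….. And this form is vulnerable to XSS");</script>';

// Encode the five characters that are significant in HTML text and
// quoted attribute values. One regex pass, so nothing is double-encoded.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the form value is concatenated into the page as-is,
// so the browser parses the submitted <script> element and runs it.
function renderUnsafe(comment) {
  return '<div class="comment">' + comment + '</div>';
}

// Hardened: same page, but the value is encoded when it is written out,
// so the browser shows the markup as literal text.
function renderSafe(comment) {
  return '<div class="comment">' + escapeHtml(comment) + '</div>';
}

// The manual test, automated: is the probe present verbatim in the response?
function reflectsVerbatim(html, probe) {
  return html.includes(probe);
}

// Run the probe through both renderers and report what comes back.
function runCheck() {
  return {
    unsafe: reflectsVerbatim(renderUnsafe(PROBE), PROBE),
    safe: reflectsVerbatim(renderSafe(PROBE), PROBE),
    safeHtml: renderSafe(PROBE),
  };
}

const result = runCheck();
console.log('unsafe page reflects probe:', result.unsafe);
console.log('safe page reflects probe:  ', result.safe);
console.log(result.safeHtml);
```

This encoding covers values placed in HTML element content or quoted attributes; values written into script blocks, URLs or CSS need the encoding for that context instead.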
