Need tool to test XSS Vulnerabilities on our site

curiouswebster
curiouswebster used Ask the Experts™
on
Looking for a tool to test XSS Vulnerabilities on our site

I need to find a tool we can run which will enable us to help find XSS Vulnerabilities and to test our Anti-XSS fixes.

What can you suggest?

Thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Exec Consultant
Distinguished Expert 2018
Commented:
Check out this list like in the sequence of XSSer, ZAP and Xenotix XSS Exploit Framework as the test gets deeper to exploitation of vulnerability found.

https://www.owasp.org/index.php/OWASP_XSSER
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework
curiouswebsterSoftware Engineer

Author

Commented:
What is this Burp Suite all about?
btanExec Consultant
Distinguished Expert 2018
Commented:
Burp suite is a well used proxy tool to inspect HTTP/S data traffic like wireshark, and act like man in the browser (similar to fiddler) to hijack data and "tamper" what the client browser sent to web server. See the XSS example. By the way, there is a community version but not having the scanner capabilities that is in its commercial versions. You can try trial version.
https://portswigger.net/burp
https://support.portswigger.net/customer/portal/articles/1965737-using-burp-scanner-to-find-cross-site-scripting-xss-issues
curiouswebsterSoftware Engineer

Author

Commented:
thanks

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial