This is Stuff

We have decided to introduce testing for security vulnerabilities into web application development. Previous part introduced cross site scripting, our web application and expectations we have for this project.

In this part, we go through all penetration testing tools we could find. Our goal is to find a suitable open source scanner. We wrote mini review of each found tool and picked up two scanners we will use.

Cross site scripting (XSS) is second most popular type of attack on web application. It allows attackers to execute scripts in victim’s browser and perform almost any action on users behalf. For example, script may hijack sessions or redirect the user to malicious sites.

This type of attack is relatively easy to perform and difficult to protect against. There are numerous different attack vectors and attacker needs only some knowledge of web technologies (JavaScript, CSS, HTML) to perform any of them. Moreover, one vulnerable place is enough to make whole application vulnerable.

This series of posts introduces XSS testing to a fictional development team working on a web project. The introduction describes both cross site scripting and fictional project requirements.