- 858
- 236
Spotting most XSS vulnerabilities is simple. You just have to find input that flows from an untrusted source into an HTML page. Many times, the path from the request to the HTML page isn't very complicated, for example when the same call gets the data and puts it in the HTML page.
But other XSS vulnerabilities are less common and can be devilishly complex. Imagine an application that has millions of lines of code involved in getting data, transforming it, validating it, storing it, combining it, escaping it, decoding it, persisting it, retrieving it, and finally rendering it. How can one know if there is a path through all that code that creates an XSS vulnerability?
The number of possible paths and patterns is infinite, and that's why traditional tools struggle to find XSS without flagging a lot of false alarms.
But other XSS vulnerabilities are less common and can be devilishly complex. Imagine an application that has millions of lines of code involved in getting data, transforming it, validating it, storing it, combining it, escaping it, decoding it, persisting it, retrieving it, and finally rendering it. How can one know if there is a path through all that code that creates an XSS vulnerability?
The number of possible paths and patterns is infinite, and that's why traditional tools struggle to find XSS without flagging a lot of false alarms.