Compared to launching a traditional ‘full’ scan against every single dynamic page of an application, which may result in tens or hundreds of thousands of requests, our engagements tend to operate a bit more efficiently by leveraging these scan profiles.

Detection of Cross-Site Scripting (XSS) Example Workflow:

When analyzing an application for vulnerabilities, one may typically start off by selecting the following profile for every single page: “Audit checks – all except JavaScript analysis”. Often, one may opt to include the JavaScript analysis as well for each page.

After running this scan profile against a reflected Cross-Site Scripting (XSS) endpoint, such as on the Damn Vulnerable Web Application (DVWA), Burp Suite successfully identifies the XSS vulnerability on the page. However, it took 1991 requests to finish this scan, since we were analyzing the entire application for every vulnerability class from XSS to SQLi.

While we were successful in our goal, could we be more efficient? What if we had already scanned the application (albeit a different page) with the ‘large’ default profile once? Now that we have discovered this potentially vulnerable page, do we really need to scan the entire page for every vulnerability class when we could just hunt for XSS directly? This is the question that separates the ‘tool’ from the ‘pentester’.
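As an added illustration (not code from the original post or from Burp Suite), the check below shows the core of what a narrow reflected-XSS audit does once a candidate parameter is already known: submit a canary carrying HTML metacharacters and classify how the response echoes it, so a raw reflection can be confirmed with one request per parameter instead of a full audit. The canary, the `reflection_context` function and the sample response bodies are all constructed here; nothing is sent over the network.

```python
import html
from typing import Dict, List

# Constructed canary: an alphanumeric marker wrapped around the metacharacters
# that matter for an HTML context. The marker lets us tell "stripped" from "absent".
CANARY = "qz7c<\"'>qz7c"

# Constructed response bodies standing in for what a DVWA-style page might return
# when CANARY is submitted in each parameter.
SAMPLE_RESPONSES: Dict[str, str] = {
    # value written into the page with no output encoding (the vulnerable case)
    "name": "<html><body><pre>Hello qz7c<\"'>qz7c</pre></body></html>",
    # value passed through an HTML entity encoder before output (the fixed case)
    "search": "<p>Results for: qz7c&lt;&quot;&#x27;&gt;qz7c</p>",
    # metacharacters stripped by a filter, marker text survives
    "id": "<p>Record qz7cqz7c not found</p>",
    # value never echoed back at all
    "page": "<p>Welcome</p>",
}


def reflection_context(body: str, canary: str) -> str:
    """Classify how the canary came back in a response body.

    'raw'          the exact canary, metacharacters included, is present: the
                   parameter reaches the page unencoded and needs a closer look
    'html-escaped' only an entity-encoded form is present: output encoding is applied
    'filtered'     the marker survives but the metacharacters were removed
    'absent'       the input is not reflected
    """
    if canary in body:
        return "raw"
    escaped_forms = (html.escape(canary, quote=True), html.escape(canary, quote=False))
    if any(form in body for form in escaped_forms):
        return "html-escaped"
    marker = "".join(ch for ch in canary if ch.isalnum())
    if marker in body:
        return "filtered"
    return "absent"


def unencoded_reflections(responses: Dict[str, str], canary: str) -> List[str]:
    """Return the parameters whose reflection is raw, i.e. the ones worth a targeted audit."""
    return sorted(p for p, body in responses.items() if reflection_context(body, canary) == "raw")


if __name__ == "__main__":
    for param, body in SAMPLE_RESPONSES.items():
        print(f"{param:>7}: {reflection_context(body, CANARY)}")
    print("raw reflections:", unencoded_reflections(SAMPLE_RESPONSES, CANARY))
```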