Archives: September 2015

XSS Part 2: Enumeration
Posted on September 29th, 2015
Continuing on from Part 1 (XSS: Introduction), we will go over how we enumerate XSS. The first step is to properly map the application and understand its inputs. This is done via browsing/spidering and unlinked content enumeration using various techniques. To browse and spider the application we use Burp Suite […]

XSS Part 1: Introduction
Posted on September 16th, 2015
One of the most common flaws in web applications is Cross-Site Scripting (XSS). All too often the risk of XSS is underestimated and ends up at the bottom of the priority list because system owners do not fully understand the potential impact. This three (3) part blog post will hopefully change that thought […]