The SecurityQA Toolbar can also test for XSS in AJAX applications. Refer to Chapter 4 for more
information.
Chapter 2: Cross-Site Scripting 51
To test for XSS security issues, complete the following steps.
1. Visit www.isecpartners.com and request an evaluation copy of the product.
2. After installing the toolbar on Internet Explorer 6 or 7, visit the web application
using IE.
3. Within the web application, visit the page you want to test. Then choose Session
Management | Cross Site Scripting from the SecurityQA Toolbar, as shown in
Figure 2-4.
4. The SecurityQA Toolbar will automatically check for XSS issues on the current
page. If you want to see the progress of the testing in real time, click the expand
button, which is the last button on the right, before selecting the Cross Site
Scripting option. The expand button will show which forms are vulnerable to
XSS in real time.
5. After the testing is completed on the current page, as noted in the progress bar
in the lower left side of the browser, browse to the next page of the application
(or any other page you want to test) and repeat step 3.
6. Once you have finished testing all of the pages on the web application, view
the report by selecting Reports | Current Test Results.