-
Other alternatives to finding XSS ?
What are some other uncommon ways to find XSS something that goes beyond your typical hunting methods. What could be a slight advantage in this game of bug hunting ?
-
2 Replies
-
Look for areas that are less likely to have been looked at already. This might mean jumping on a program as soon as it comes out, digging deep into an application to find panels or other areas that aren’t easily found at the surface level, or using/creating tools that monitor for changes in applications.
For the last one, here’s what I mean: organizations deploy changes at different paces, but many strive to deploy frequently. Each deployment brings opportunity since things (endpoints, JS files, libraries, etc) change, sometimes things break, and new code/libraries/endpoints/etc means more things to test. By having a tool that monitors for those changes, you can get alerted and jump on it as soon as it happens – again, before others have a chance to do so.
-
Damn, its all a game of cat and mouse.
-
Log in to reply.