XSS Scanners?
Hello everyone, what are your thoughts on scanners that specialize in hunting for XSS? All of them claim to be the best. But after using a few, I can tell you that is far from true; it seems that they can’t get past these WAFs. Here is a list of scanners I have used in my ongoing pursuit of finding my first vulnerability.
I don’t know, whether I test manually or use automation, nothing seems to go right. I am taking a step back and wondering if it’s worth it anymore to find XSS. Should I focus on vulnerabilities like SQL Injection and/or Command Injection? It has been 12 solid months and nothing so far. What am I doing wrong? Am I just not cut out for this, or is it only a matter of time before I strike gold? It seems to say that most XSS has been found already at this point and most companies have gotten smarter in filtering these vulnerabilities out.
Any advice would be helpful, thank you.