What is DOM-based XSS?
The Document Object Model (DOM) lets web developers dictate through HTML source code how a user’s web browser should display a web page. DOM-based XSS attacks seek to exploit the DOM in a simple two step process:
- Create a Source: Inject a malicious script into a property found to be suceptible to DOM-based XSS attacks. Common injection vectors include document.url, document.location, and document.referrer objects.
For a typical example of how a DOM-based XSS attack is executed, it’s suggested that you read DOM XSS: An Explanationof DOM-based Cross-Site Scripting.
DOM-based XSS Scanner
In order to find the source of a DOM-based XSS vulnerability before the hackers do, you’ll want to scan the client-side of your web application with a DOM XSS scanner. The Acunetix Web Vulnerability Scanner contains all the tools you’ll need to sniff out DOM XSS sources. With the highest SQL and XSS detection rate in the industry, Acunetix can crawl your web application and without fear of false positives. Try Acunetix Online or download it now to gain the insight you need to secure your app against DOM XSS.
Learn more about prominent vulnerabilities, keep up with recent product updates, and catch the latest news from Acunetix.
"We use Acunetix as part of our Security in the SDLC and to test code in DEV and SIT before being promoted to Production."Kurt Zanzi, Xerox CA-MMIS Information Securtiy Office, Xerox