Cross Site Scripting Assertion

The Cross Site Scripting assertion checks the response for content revealing system information. It also checks the response for injection strings similar to the ones in the parameters. In addition, you can prepare a script that creates a URL list to check each token individually.

Availability

The assertion is available only in security tests. Use this assertion with the Cross Site Scripting security scan.

Create an assertion

Follow these steps:

  1. Open a security test.

  2. Click Response Assertion next to the Cross Site Scripting scan.

  3. Click Plus in the Assertions panel.

In the New Assertions dialog, search for the Cross Site Scripting assertion or select it manually in the Security category.

Setting up properties

  • Select Check Immediate Response to check the response right after starting the script.

  • Select Check Response from URLs specified in Custom Script to check responses from a URL list that you specify in a custom script. Then, create a custom script to check for XSS vulnerabilities on individual REST and SOAP pages that do not allow you to view the immediate responses in a browser.
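
The following Python sketch is an added illustration, not ReadyAPI code or its implementation. It shows the kind of check described on this page: flagging any response, immediate or fetched from a URL list, that contains a sent injection string unencoded. The injection strings, URLs, and response bodies are constructed samples, and the function names are hypothetical.

```python
import html
import re

# Constructed sample values standing in for strings a scan sends as parameters.
INJECTED = ["<script>alert(1)</script>", '"><img src=x onerror=alert(1)>']

def normalize(text):
    """Lower-case and collapse whitespace so similar reflections still match."""
    return re.sub(r"\s+", " ", text).strip().lower()

def find_reflections(injected, body):
    """Return the injected strings that appear unencoded in a response body."""
    haystack = normalize(body)
    return [p for p in injected if normalize(p) in haystack]

def check_responses(injected, responses):
    """Map each response label or URL to the injected strings it reflects."""
    findings = {}
    for source, body in responses.items():
        hits = find_reflections(injected, body)
        if hits:
            findings[source] = hits
    return findings

def sample_responses():
    """Constructed bodies: an immediate response and two follow-up pages."""
    return {
        # The immediate response HTML-encodes the value, so nothing is flagged.
        "immediate": "<result>Saved: %s</result>" % html.escape(INJECTED[0]),
        # A page that later renders the stored value without encoding.
        "http://service.example/comments/1":
            "<html><body><p><SCRIPT>alert(1)</SCRIPT></p></body></html>",
        # A page that never shows the value.
        "http://service.example/about": "<html><body>About</body></html>",
    }

if __name__ == "__main__":
    for source, hits in check_responses(INJECTED, sample_responses()).items():
        print("FAILED", source, hits)
```

In this sample the immediate response passes because the value is encoded, while the follow-up page fails, which is the case a URL list is meant to catch.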
