Applies to ReadyAPI 2.8, last modified on September 11, 2019

The Cross Site Scripting assertion checks the response for content revealing system information. It checks the response for injection strings similar to the parameter ones. It also allows you to prepare a script which will create a URL list to check each token individually.

Availability

In SoapUIĀ security tests: Use this assertion with the Cross Site Scripting security scan.

Create an assertion

Follow these steps:

Secure: The Assertions panel

Click the image to enlarge it.

  1. Open a security test.

  2. Select Response Assertion.

  3. Click in the Assertions panel

In the New Assertions dialog, search for the Cross Site Scripting assertion or select it manually in the Security category.

Setting up properties

  • Select Check Immediate Response to check the response right after starting the script.

    ReadyAPI: Configuring the Cross Site Scripting assertion

    Click the image to enlarge it.

  • Select Check Response from URLs specified in Custom Script to check responses from the URL list, which you can specify in a custom script. Then, create a custom script to check for XSS vulnerabilities on REST and SOAP individual pages which do not allow you to view the immediate responses in a browser.

See Also

Security Assertions
Basic Authorization Assertion
Sensitive Files Exposure Assertion
Weak Password Assertion
Sensitive Information Exposure Assertion

Highlight search results