The Cross Site Scripting assertion checks the response for content revealing system information. It checks the response for injection strings similar to the parameter ones. It also allows you to prepare a script which will create a URL list to check each token individually.
Create an assertion
Follow these steps:
Open a security test.
Click Response Assertion next to the Cross Site Scripting scan.
Click in the Assertions panel
In the New Assertions dialog, search for the Cross Site Scripting assertion or select it manually in the Security category.
Setting up properties
Select Check Immediate Response to check the response right after starting the script.
Select Check Response from URLs specified in Custom Script to check responses from the URL list, which you can specify in a custom script. Then, create a custom script to check for XSS vulnerabilities on REST and SOAP individual pages which do not allow you to view the immediate responses in a browser.
Other Security Assertions
Add more assertions to ensure the security of the tested service: