Your e-Business Quality Partner eValid™ -- Automated Web Quality Solution
Browser-Based, Client-Side, Functional Testing & Validation,
Load & Performance Tuning, Page Timing, Website Analysis,
and Rich Internet Application Monitoring.

Security Testing Examples -- XSS

Cybersecurity testing often requires making many analyses, at regularly scheduled intervals, to identify a potential exploit. This example illustrates how eValid is applied in one specific way to a web page or web application to search for a pattern that may represent a possible exploit. To apply this method in your specific situation you will need to make decisions about what pages to scan, what specific patterns or features to look for, and how to handle the information that is generated. Web application security requires careful planning and test execution analysis. eValid enables such work.

Overview
This example illustrates how eValid is used to search a web page for a possible XSS vulnerability. Additional technical details about this kind of vulnerability are given in the References section, below.

The method used is to apply eValid's site analysis functionality to the job of scanning a website for instances of a particular character string. That requires setting up the site analysis run parameters, making the run, and then analyzing the results.

Example Steps & Explanation
Here are the main steps in this example:

  1. Typical Target Page
    The example target page is a very naive one, consisting of just the HTML shown here. (The web pages you'll be analyzing are, of course, more complex; for this illustration we want to keep it as simple as possible.)

    <HTML>
    <BODY>
    <a href="[http://<XSS-host]/xssfile?evil request">Hi! visit my website</a>
    </BODY>
    </HTML>

  2. Defining the "Search For" String
    The scan is for the string that is defined in the site analysis string filter page. In this example the string to be searched for is XSS, which is known to be in the target web page (see HTML text above).

    In this case the "searched for" string is XSS, and eValid searches the complete HTML of each page for it. Note that we did not check "Regular Expression"; if we had, the content of the Text parameter could be any regular expression.

    Sample of String Filter Setting Page

  3. Running the Search
    Before starting the script playback these settings need to be saved into an eValid parameter profile. In this case we use the name PROFILE.

    Playback begins by running the eValid script (shown below), which launches the site analysis run within the browser.

    The real action begins with the &SiteAnalysis command in the eValid script given below.

    The additional parameters on the &SiteAnalysis command affect how the scan is done and where the resulting files are to be stored.

    At the end of the playback (which includes the site analysis run) you see a "green screen" indicating normal termination.

  4. Test Completion Report
    This page shows the status of the run, indicating the number of commands completed and total run time.

  5. Scan Status Page
    This page shows the status of the site analysis run, indicating the number of pages scanned and the status/results of the scan.

  6. Filter Results Page
    The site analysis process creates this page to show every instance of a match to the specified search string. Note that the URL of the page containing the match is shown, along with the matched string in the context of the HTML surrounding it.
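The scan described in the steps above, written out as an added Python example (not eValid's own code): each page's full HTML is searched for a literal string or, optionally, a regular expression, and every hit is reported as the page URL plus the match in its surrounding HTML, the way the filter results page presents it. The pages in SAMPLE_SITE are constructed inline to stand in for the site eValid would fetch.

```python
import re

# Constructed sample "site": URL -> raw HTML. check.html is the naive target page
# from this example; form.html is a second constructed page with a script tag.
SAMPLE_SITE = {
    "http://example.test/index.html":
        '<HTML><BODY><a href="/about.html">About</a></BODY></HTML>',
    "http://example.test/check.html":
        '<HTML>\n<BODY>\n<a href="[http://<XSS-host]/xssfile?evil request">'
        'Hi! visit my website</a>\n</BODY>\n</HTML>',
    "http://example.test/form.html":
        '<form><input name="q" value="<script>alert(1)</script>"></form>',
}


def scan_site(pages, text, regex=False, context=20):
    """Return a list of (url, matched_text, snippet) for every match of `text`
    in each page's complete HTML. Like the string filter setting, `text` is a
    literal string by default and a regular expression when regex=True."""
    pattern = re.compile(text if regex else re.escape(text))
    hits = []
    for url, html in pages.items():
        for m in pattern.finditer(html):
            start = max(0, m.start() - context)
            end = min(len(html), m.end() + context)
            snippet = html[start:end].replace("\n", " ")
            hits.append((url, m.group(0), snippet))
    return hits


def format_report(hits):
    """Render hits as a filter-results style report: URL, then match in context."""
    return "\n".join(f"{url}: ...{snippet}... [match: {match}]"
                     for url, match, snippet in hits)


if __name__ == "__main__":
    # Literal scan for "XSS", exactly as in this example.
    print(format_report(scan_site(SAMPLE_SITE, "XSS")))
    # The same scan with "Regular Expression" checked, looking for script tags
    # or javascript: URLs across the whole site.
    print(format_report(scan_site(SAMPLE_SITE, r"<script[^>]*>|javascript:", regex=True)))
```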

eValid Test Script
Here is the test script used in this example:

# Copyright © 2013 by Software Research, Inc. 
# Recording made on: Microsoft Windows XP 

ProjectID "ProjExample"
GroupID "Security"
TestID "xsstest"
LogID "AUTO"

DeleteCache
DeleteCookies

InitLink "http://www.e-valid.com/Products/Documentation.9/" \
	"Security/Examples/XSS/cybersecuritycheck.html"

# Search through my webpage(s) for possible XSS related triggers...
# Note: please make sure your current SA profile settings include
#       unchecked startup dialog box and starting on current page,
#       along with string filter=XSS.

&SiteAnalysis PROFILE 15 xssfind

# Upon completion of run the site analysis output file named 
# "xssfind-matchString" will contain reports of all string matches made.

# (optional:) If eValid is unable to process the site analysis engine, 
# send an alert to the user...
#
# OnErrorEmail "email-address" "subject" "message" "attachment-path"

# End of script.

Technical References
Here are key references that describe the XSS vulnerability.