Bypassing XSS Defenses Part 1: Finding Allowed Tags and Attributes

This post intends to serve as a guide for a common bypass technique when you're up against a web application firewall (WAF). In the event that the WAF limits what tags and attributes are allowed to be passed, we can use BurpSuite's Intruder functionality to learn which tags are allowed. Table of Contents: Setting the…

Bypassing XSS Defenses Part 1: Finding Allowed Tags and Attributes

Mitigate cross-site scripting (XSS) with a strict Content Security Policy (CSP), Articles

XSS - Attacks & Defense

XSS 101 - Brute XSS

PDF) Cross-Site Scripting Attacks and Defensive Techniques: A Comprehensive Survey

Applied Sciences, Free Full-Text

Bypassing XSS Defenses Part 1: Finding Allowed Tags and Attributes

Detection of cross-site scripting (XSS) attacks using machine learning techniques: a review

Node.js Security: Preventing XSS Attacks

Bypassing modern XSS mitigations with code-reuse attacks - Truesec

Advanced Techniques to Bypass & Defeat XSS Filters, Part 1 « Null Byte :: WonderHowTo

Reflected XSS protected by very strict CSP, with dangling markup attack (Video solution, Audio)

A Pentester's Guide to Cross-Site Scripting (XSS)

Bypassing modern XSS mitigations with code-reuse attacks - Truesec

Reflected XSS protected by very strict CSP, with dangling markup attack (Video solution, Audio)