XYZ for testing XSS findings? #1371
Replies: 2 comments
-
@SafeLanester I am not sure I understand the use case. |
Beta Was this translation helpful? Give feedback.
-
I apologize for not being clear, I seen on s0md3v/XSStrike in the FAQ section When you scan a single webpage, XSStrike makes use of a browser engine to ensure that the payload works and hence ensures zero false positives. XSStrike already covers all the common + some special contexts but there can be false negatives if the injection requires some special strategy. Tool xyz works against the target, while XSStrike doesn't! |
Beta Was this translation helpful? Give feedback.
-
Hi , I hope this message reaches you in good health and spirits. I was wondering if you could explain how to use XYZ for testing False Negatives and False Positives. I want to use both Xsstrike and that if I can.
Beta Was this translation helpful? Give feedback.
All reactions