In two previous blog posts ( part 1 and part 2), we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of the most common type of client-side vulnerabilities: DOM-based cross-site scripting (XSS).
Print
Share
Comment
Cite
Upload
Translate
APA
() » Vulnerability hunting with Semmle QL: DOM XSS. Retrieved from https://www.truth.cx/2019/11/06/vulnerability-hunting-with-semmle-ql-dom-xss/.
MLA" » Vulnerability hunting with Semmle QL: DOM XSS." - , https://www.truth.cx/2019/11/06/vulnerability-hunting-with-semmle-ql-dom-xss/
HARVARD » Vulnerability hunting with Semmle QL: DOM XSS., viewed ,
VANCOUVER - » Vulnerability hunting with Semmle QL: DOM XSS. [Internet]. [Accessed ]. Available from: https://www.truth.cx/2019/11/06/vulnerability-hunting-with-semmle-ql-dom-xss/
CHICAGO" » Vulnerability hunting with Semmle QL: DOM XSS." - Accessed . https://www.truth.cx/2019/11/06/vulnerability-hunting-with-semmle-ql-dom-xss/
IEEE" » Vulnerability hunting with Semmle QL: DOM XSS." [Online]. Available: https://www.truth.cx/2019/11/06/vulnerability-hunting-with-semmle-ql-dom-xss/. [Accessed: ]