This is a security testing project that uses static taint analysis to detect XSS vulnerabilities in SchoolMate, a PHP web application, using the Pixy tool.
The following tasks were performed:
- Running the Pixy tool, which detects all the XSS vulnerabilities; its findings include both false positives and true positives.
- Security test cases
- Using JWebUnit to write proof-of-concept attacks
- Fixing the vulnerabilities by checking the root causes and describing them
- Finally, reporting on passed and failed tests and on the taint analysis of the fixed code
- Report