This project was for a course teaching application software security. The project topic was Cross-site scripting (XSS), a client-side variant of the injection attack, which attempts to trick a website into placing malicious code onto a visitor's browser. To demonstrate an understanding of XSS, contributors developed a web application that can analyze HTML code, detect XSS vulnerabilities, and report the problems.
Guidelines and examples provided by OWASP were used to aid the creation of the analyzer.
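The following added example is not taken from the project's code; it shows one way a Python analyzer built on html.parser and re can flag XSS-prone constructs in submitted HTML. The rule set, the names XssLint, scan and is_script_url, and the sample markup are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed rule set for illustration; the project's own rules are not on this page.
URL_ATTRS = {"href", "src", "action", "formaction"}
SCRIPT_URL = re.compile(r"[\x00-\x20]*(javascript|vbscript):", re.I)
DOM_SINK = re.compile(r"\b(document\.write(?:ln)?|eval)\s*\(|\.(innerHTML|outerHTML)\s*=(?!=)")

def is_script_url(value):  # URL parsers drop tab/newline anywhere in the input
    return bool(SCRIPT_URL.match(re.sub(r"[\t\n\r]", "", value)))

class XssLint(HTMLParser):
    def reset(self):  # called by HTMLParser.__init__
        super().reset()
        self.findings, self.in_script = [], False  # findings: (line, rule, detail)

    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
        for name, value in attrs:  # names arrive lowercased, values entity-decoded
            if name.startswith("on") and len(name) > 2:
                self.findings.append((self.getpos()[0], "inline-event-handler", f"<{tag} {name}>"))
            elif name in URL_ATTRS and is_script_url(value or ""):
                self.findings.append((self.getpos()[0], "script-url", f"<{tag} {name}>"))

    def handle_endtag(self, tag):
        self.in_script = self.in_script and tag != "script"

    def handle_data(self, data):
        start = self.getpos()[0]  # line where this text chunk begins
        for m in DOM_SINK.finditer(data) if self.in_script else ():
            line = start + data.count("\n", 0, m.start())
            self.findings.append((line, "dom-sink", m.group(1) or m.group(2)))

def scan(html):
    parser = XssLint()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample input, not taken from xvs_backend/test/.
SAMPLE = """<img src="x.png" onerror="report()">
<a href="jav&#x61;script:void(0)">link</a>
<a href="/help?topic=javascript:intro">docs</a>
<script>
out.innerHTML = location.hash;
</script>
<p>document.write( is only text here</p>"""
if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Because the parser decodes character references before the check runs, the entity-encoded scheme on the second line is still reported, while the query-string mention of "javascript:" and the sink name inside ordinary paragraph text are not.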
- Node.js, to install packages required by the Web App
- Python3, to install packages for the backend analyzer
- To install the required Web App dependencies:
  - Open a terminal.
  - cd into the xvs_frontend/ directory.
  - Enter the command npm install
- To install the required back-end packages:
  - Open a terminal.
  - cd into the xvs_backend/ directory.
  - (Recommended) Start, or create and start, a Python virtual environment.
  - Install packages for your operating system:
    - pip3 install flask flask_cors
    - html.parser and re are part of the Python standard library and do not need to be installed with pip.
- To run:
  - Flask server:
    - In the xvs_backend/ directory: Enter the command py main.py
  - React Web App:
    - In the xvs_frontend/ directory: Enter the command npm start
Example source code to test can be found in xvs_backend/test/
https://confluence.atlassian.com/bitbucketserver/basic-git-commands-776639767.html
https://github.com/josedlr93/xss_project/blob/master/xvs_backend/test/testCode.txt
Jose De La Rosa
Zach Krell