ARTICLE
TITLE

Testing Cross-Site Scripting (XSS) Vulnerabilities in an Online Payment Web Application

Artem S. Merkulov    
Olga R. Laponina    

Abstract

The object of the study is Payture, a web-based online payment company that cooperates with large companies and banks. Payture acts as a payment gateway between merchants, banks and payment systems, offering a flexible integration API. This paper analyzes how to test the Payture online payment web application for the presence of known cross-site scripting attack vectors. A recommended list of protection measures is determined for this application as well as for similar applications. The types of XSS attacks are considered, which makes it possible to design an attack and to analyze the elements of a web application that can contain XSS vulnerabilities. Free and commercial software products that allow a comprehensive or partial analysis of web applications for XSS vulnerabilities are described. The main features of the Payture company's API are considered, and the sequence of actions for finding XSS vulnerabilities is determined. Suggestions are made for using several tools together to analyze XSS vulnerabilities in web applications.