Scanner | Version | Vendor |
ScreamingCSS | 1.02 | David deVitry |
Tested Against WAVSEP Version: |
Detection Accuracy |
18.18% Detection Rate (12/66), 14.29% False Positives (1/7) |
Response Type | Input Vector | Detection Rate | Details |
Reflected XSS | HTTP GET (Query String Parameters) | 6 out of 33 | Cases Detected: 1-4,30(1st&2nd) Cases Missed: 5-29,31,32 |
Reflected XSS | HTTP POST (Body Parameters) | 6 out of 33 | Cases Detected: 1-4,30(1st&2nd) Cases Missed: 5-29,31,32 |
False Positive RXSS Test Cases | HTTP GET (Query String Parameters) | 1 out of 7 | 2 |
I placed the "wget" file distributed with the scanner "Gamja" in the same directory as the tool.
I executed the scan using the following commands:
perl screamingCSS.pl -e -i -v http://192.168.46.2:8080/wavsep/index-xss.jsp >> SCSS_wavsepXSS_Scan_report.txt
perl screamingCSS.pl -e -i -v http://192.168.46.2:8080/wavsep/index-false.jsp >> SCSS_wavsepFalse_Scan_report.txt
The tool managed to crawl all the application URLs. |