# Cross Site Scripting (XSS)

The Cross Site Scripting (XSS) Dashboard is provided for each protected application. It consists of two views:

1. Vulnerabilities Overview
2. Tuning

## Vulnerabilities Overview

Vulnerabilities Overview is a list of template files containing vulnerable code targeted in the reported occurrences. As new vulnerabilities are discovered, they will appear in this list.

![Screen Shot 2016-10-14 at 3.15.54 PM](https://files.readme.io/9f6b8bb-Screen_Shot_2016-10-14_at_3.15.54_PM.png)

Each vulnerability is represented with the following information:

* *File* where the vulnerable code resides
* *Line of Code* that is vulnerable
* *Protection Mode* that indicates whether IMMUNIO is able to protect the vulnerable code
* *Learned* shows the number of learned structures for the vulnerable route
* *New* counts the number of new XSS structures reported for that file
* *Attacks* represents the total number of attacks targeting this vulnerability
* *Escaped* is the number of XSS attacks that IMMUNIO was able to sanitize
* *Last Occurrence* shows the most recent date and time an XSS threat was raised

## Tuning

The Tuning section shows information on manually learned XSS behavior.

![Screen Shot 2016-10-14 at 3.27.33 PM](https://files.readme.io/618bdf5-Screen_Shot_2016-10-14_at_3.27.33_PM.png)

Each Tuning item is represented with the following information:

* *File* where the reported code resides
* *Line of Code* that was reported for that file
* *Protection Mode* indicates Normal when IMMUNIO is functioning properly
* *Learned* shows the number of learned structures for the reported file
* *Attacks* represents the total number of attacks against the file on that line before it was learned
* *Escaped* is the number of XSS renders IMMUNIO was able to sanitize
* *Last Occurred* shows the most recent date and time an XSS threat was raised
* *Action* offers a remove link for any manually learned behaviors

## XSS Vulnerability Details

![Screen Shot 2016-10-18 at 12.36.32 PM](https://files.readme.io/2fb19f1-Screen_Shot_2016-10-18_at_12.36.32_PM.png)

The Vulnerability Details page shows additional information about the individual requests that induced the reported behavior, including runtime parameters and stack trace information for each request, as well as options to tune those events if desired.

From the top of the page, this information includes:

* *Expected Code Structures*: Code structures learned via automated learning (indicated with an "A") or manually learned via the Action menu (indicated with an "M").
* *Occurrences*: Overview of HTTP requests that induced the same application behavior over time, sorted by the query that triggered the alert and the number of occurrences.
* *Occurrence Details*: Specific information about the Occurrence selected in the left-hand panel.
* *Protected*: Indicates whether protection was enabled at the time the event occurred.
* *Timestamp*: Day and time when the selected event occurred.
* *URL*: URL that was targeted with the HTTP request for this occurrence.
* *Detected Code Structure*: Sanitized version of the code structure employed in the reported request.
* *Action*: Menu of available tuning options for the reported request (more information below).
* *Route*: Route affected by the reported code structure, when available.
* *Template*: Template where the reported code resides.
* *Line*: Line of code where the reported code was stored, when available.
* *Context*: Context where the reported code resides.
* *Result*: Original code as presented without protection.
* *Protected*: Original code with highlighted HTML tags that were removed if XSS Escaping was enabled.

## Tuning Options

If IMMUNIO detects suspicious code that was not recorded in the Analysis Mode phase and this request is valid, you can update the sensors during vulnerability review.

![Screen Shot 2016-10-18 at 12.48.48 PM](https://files.readme.io/339c74b-Screen_Shot_2016-10-18_at_12.48.48_PM.png)

The following tuning options are available:

* *Accept this specific structure*: Allow this specific structure to execute in the future without alerting or escaping.
* *Accept any structure*: Do not report or escape any structures for this line of code.