There is a lot of information on how to avoid or detect XSS, but I couldn't find much information on how to monitor for reflected XSS. Is there a way to automatically detect reflected XSS in my application's logs? My guess is that we can run a parser on the logs and signal all the possible reflected XSS attacks. Is there a library already that does this?

vybiar
  • You're probably just looking for a [WAF](https://en.wikipedia.org/wiki/Web_application_firewall). Granted, these are not _monitoring_ solutions, but I suspect they will do what you need anyway. – Conor Mancone Aug 14 '20 at 13:46

1 Answer

There are manual approaches and tools to analyze your logs (see e.g. here); but listing tools themselves would be off-topic here.

The problem with these approaches is that you are not monitoring for successful XSS attacks, but for attempts. This can also be useful to know how attackers are attacking your application, but there will be a lot of noise from automated scanners, etc.

It doesn't seem like this is what you necessarily want though. If you actually want to monitor for successful XSS attacks, you may want to consider using the reporting feature of CSP. You can also use it as report-only without negatively affecting usability of your application.

tim
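As an added example that is not part of the answer above (my own code, not the asker's or the answerer's), here is a small Python script covering both halves of that answer: a log parser that flags reflected-XSS *attempts* in request parameters, and a parser for CSP report-only violation reports, which is what surfaces scripts that actually reached the page. It assumes the standard Apache/nginx "combined" access-log layout and the standard `csp-report` JSON fields; the log lines and the reports are constructed samples.

```python
import json
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Apache/nginx "combined" access-log layout (assumed format for the constructed sample).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Indicators of a reflected-XSS *attempt* in request parameters. A match only says a
# payload was sent, not that it executed, so expect noise from automated scanners.
XSS_INDICATORS = [
    re.compile(r'<\s*script', re.I),
    re.compile(r'javascript\s*:', re.I),
    re.compile(r'<\s*(img|svg|iframe|body|object|embed)\b', re.I),
    re.compile(r'[\s"\'/]on[a-z]+\s*=', re.I),          # inline event handler attribute
    re.compile(r'\b(alert|prompt|confirm)\s*\(', re.I),
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are not missed."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(path):
    """Return {param: decoded_value} for query parameters matching an XSS indicator."""
    hits = {}
    for name, raw in parse_qsl(urlsplit(path).query, keep_blank_values=True):
        value = fully_decode(raw)      # parse_qsl already decoded once; handle deeper encoding
        if any(p.search(value) for p in XSS_INDICATORS):
            hits[name] = value
    return hits

def scan_access_log(text):
    """Return (client_ip, timestamp, path, hits) for each request that looks like an attempt."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = suspicious_params(m.group("path"))
        if hits:
            findings.append((m.group("ip"), m.group("ts"), m.group("path"), hits))
    return findings

# Constructed log lines: benign search, plain payload, double-encoded payload, benign apostrophe.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Aug/2020:13:46:01 +0000] "GET /search?q=shoes HTTP/1.1" 200 5120
203.0.113.9 - - [14/Aug/2020:13:46:05 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5211
203.0.113.9 - - [14/Aug/2020:13:46:09 +0000] "GET /item?id=42&ref=%2522%253E%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 3301
203.0.113.12 - - [14/Aug/2020:13:47:00 +0000] "GET /profile?name=O%27Brien HTTP/1.1" 200 2010
"""

# Policy to send in a Content-Security-Policy-Report-Only header: browsers report each
# violation as JSON but block nothing, so the app keeps working while injected scripts
# become visible. 'report-sample' asks the browser to include a snippet of the script.
CSP_REPORT_ONLY = (
    "default-src 'self'; script-src 'self' 'report-sample'; "
    "object-src 'none'; report-uri /csp-report"
)

def parse_csp_report(body):
    """Pull the fields worth alerting on out of a browser's CSP violation report."""
    report = json.loads(body).get("csp-report", {})
    directive = report.get("effective-directive") or report.get("violated-directive", "")
    blocked = report.get("blocked-uri", "")
    return {
        "page": report.get("document-uri", ""),
        "directive": directive,
        "blocked": blocked,
        "sample": report.get("script-sample", ""),
        # An inline script blocked under script-src on an app that ships no inline script
        # is the signature of a script that reached the DOM: a possibly successful XSS.
        "likely_injected_script": directive.startswith("script-src") and blocked == "inline",
    }

# Constructed reports: one inline-script violation, one browser-extension noise entry.
SAMPLE_CSP_REPORTS = [
    json.dumps({"csp-report": {"document-uri": "https://app.example/search",
                               "effective-directive": "script-src-elem",
                               "violated-directive": "script-src",
                               "blocked-uri": "inline", "script-sample": "alert(1)"}}),
    json.dumps({"csp-report": {"document-uri": "https://app.example/search",
                               "effective-directive": "script-src-elem",
                               "blocked-uri": "chrome-extension"}}),
]
```

Run `scan_access_log(SAMPLE_LOG)` and it returns the two payload-carrying requests (the second one only because `fully_decode` strips the double encoding); the `O'Brien` request is not flagged. On the CSP side, only the first report is marked `likely_injected_script`; reports with `blocked-uri` values such as `chrome-extension` are the extension noise you will see on any real deployment and should be filtered before alerting. `report-uri` is still honoured by browsers but is being superseded by `report-to`, so a production policy would usually carry both.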