Continuing our discussion from the previous chapter, we are now going to study how to use Python to automatically detect cross-site scripting (XSS), cross-site request forgery (CSRF), clickjacking, and Secure Sockets Layer (SSL) stripping. All the techniques discussed in this chapter will help us expedite the web application assessment process. I recommend that you do not confine yourself to the approaches we cover here: treat them as a baseline whose ideas can be extended and improved to arrive at better solutions, or to develop tools that aid the pentesting community. This chapter will discuss the following topics:
- Cross-site scripting
- Cross-site request forgery
- Clickjacking
- SSL stripping (missing HSTS header)