Sitemap
All pages on the site.
Builder
Blog
- Authorized XSS testing: the boundaries matter more than the payload
- Why an XSS payload generator should stay client-side
- Context first: the part of XSS testing people still rush
- CSP does not fix XSS. It limits the blast radius if you are lucky
- Custom XSS templates need guardrails, not just a textarea
- Debugging DOM XSS means following data, not guessing payloads
- Local payload collections are boring. That is why they matter
- Designing an XSS playground that does not lie to the tester
- WAF filters and XSS: what breaks in production
- Writing XSS reports developers can actually fix
- XSS encoding pipelines: order matters more than people admit
- Welcome to xsspayloads