GIAC Penetration Tester (GPEN) — Question 76

Which type of Cross-Sire Scripting (XSS> vulnerability is hardest for automated testing tools to detect, and for what reason?

Answer options

• A. Stored XSS. because it may be located anywhere within static or dynamic sitecontent
• B. Stored XSS. because it depends on emails and instant messaging systems.
• C. Reflected XSS. because It can only be found by analyzing web server responses.
• D. Reflected XSS: because it is difficult to find within large web server logs.

Correct answer: A

Explanation

Stored XSS is challenging for automated tools to detect as it can be embedded in various locations across both static and dynamic content of a website. In contrast, reflected XSS typically manifests in immediate responses to user input, making it easier to identify through server analysis. The other options incorrectly attribute the complexity of detection to different factors that do not accurately reflect the nature of XSS vulnerabilities.