[Owasp-topten] Reflected or Stored XSS?

Zaki Akhmad zakiakhmad at gmail.com
Thu Apr 2 12:03:15 EDT 2009


Hello,

I have a question. How do I differentiate between reflected or stored
XSS? Is it the source code *must* be available (I mean we get the
access to read it / they give the source code to me as a reviewer) so
that I can differentiate between them?

Thanks!
-- 
Zaki Akhmad


More information about the Owasp-topten mailing list