12.1.2 Identify all uses of the following APIs, which may be used to access DOM data that can be controlled via a crafted URL:
document.location document.URL document.URLUnencoded document.referrer window.location
12.1.3 Trace the relevant data through the code to identify what actions are performed with it. If the data (or a manipulated form of it) is passed to one of the following APIs, the application may be vulnerable to XSS:
document.write() document.writeln() document.body.innerHTML eval() window.execScript() window.setInterval() window.setTimeout()
12.1.4 If the data is passed to one of the following APIs, the application may be vulnerable to a redirection attack:
document.location document.URL document.open() window.location.href window.navigate() window.open()
12.2.1 Review the logs created by your intercepting proxy to identify all the Set-Cookie directives received ...