Summary

In this chapter, we reviewed some of the most reported vulnerabilities in bug bounty programs. To recap the main ideas, I share with you the following list:

  • An XSS vulnerability is an input validation error: it results from a lack of input validation controls.
  • All the input data in an application could be susceptible to XSS or other input validation vulnerabilities. It is important to review not just the fields in forms, but all the inputs, including the application's control flow parameters.
  • Use an HTTP proxy to analyze the HTTP request and avoid client-side security controls. All the input validation functions need to be implemented in the backend.
  • Try different types of encodings and payload variants. Most of the time, developers use blacklists and whitelists to prevent XSS vulnerabilities. These controls can sometimes be avoided; it just takes time and persistence.
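To illustrate the last two points from the defender's side, here is an added example (not code from the book) contrasting a naive backend blacklist with contextual output encoding. The `blacklist_filter`, `contextual_encode` and `audit` functions and the sample inputs are constructed for this illustration.

```python
import html

# Constructed sample inputs: one benign name and three classic XSS test strings
# of the kind found in any public XSS cheat sheet.
SAMPLE_INPUTS = [
    "Alice",
    "<script>alert(1)</script>",
    "<ScRiPt>alert(1)</ScRiPt>",        # same tag, different letter case
    '"><img src=x onerror=alert(1)>',   # breaks out of an attribute, no script tag
]


def blacklist_filter(value: str) -> str:
    """Naive server-side blacklist (hypothetical): strips only the literal
    lowercase <script> tag, which is the kind of control the chapter warns
    about."""
    return value.replace("<script>", "").replace("</script>", "")


def contextual_encode(value: str) -> str:
    """Contextual output encoding for an HTML text or attribute context: every
    HTML-significant character becomes an entity, so the browser never
    interprets the value as markup, whatever case or variant the input uses."""
    return html.escape(value, quote=True)


def still_has_markup(sanitized: str) -> bool:
    """True if the sanitized value still carries a character that can open a tag
    or close an attribute. Used to check each control against the samples."""
    return any(ch in sanitized for ch in "<>\"'")


def render_greeting(name: str, sanitizer) -> str:
    """Backend rendering of user input into two HTML contexts (attribute + text)."""
    safe = sanitizer(name)
    return f'<p title="{safe}">Hello, {safe}</p>'


def audit(sanitizer) -> dict:
    """Map each sample input to whether the given control let raw markup through."""
    return {s: still_has_markup(sanitizer(s)) for s in SAMPLE_INPUTS}


if __name__ == "__main__":
    for name, control in (("blacklist", blacklist_filter), ("encode", contextual_encode)):
        for sample, leaked in audit(control).items():
            print(f"{name:9} {'LEAK' if leaked else 'ok  '} {render_greeting(sample, control)}")
```

Running it shows the blacklist only catches the exact lowercase tag it was written for, while encoding neutralizes every sample without needing to know the payload in advance.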