Detection of vulnerabilities for dom-based cross-site scripting

Testing a web-based application for security vulnerabilities. At least one client request containing user data with a unique identifier can be transmitted to a web-based application. An HTML response and an associated Dokumentenobjektmodell- (DOM) object can be received by the web-based application. Content corresponding to the user data can be identified in the DOM object using the unique identifier. A portion of the DOM object that contains the user data can be identified as untrusted.