Security Testing of Web Applications: a Search Based Approach for Cross-Site Scripting Vulnerabilities