opensas

Reputation: 63485

Tools to test a web site for XSS, SQL injection and other vulnerabilities

I'd like to know if there's any automated testing tool to check for vulnerabilities.

I've seen a couple of reports, and they all seem to be done by automated tools...

Upvotes: 1

Views: 2159

Answers (2)

eliteparakeet

Reputation: 879

The best, highest quality, and most accurate testing will always be done by a skilled penetration tester. This can be very expensive though.

As far as automated tools go, tons of options exist.

Commercial Grade tools (run anywhere from $300-$25,000 for a copy):

- Veracode Dynamic Scanner
- Whitehat
- HP WebInspect
- Cenzic Hailstorm
- IBM AppScan
- NTOSpider
- Qualys
- Burp Professional

Free/Open Source:

- w3af
- OWASP ZAP
- Acunetix has a free trial for their commercial product http://www.acunetix.com/cross-site-scripting/scanner/
- Skipfish
- Wfuzz

All of these tools will require some basic knowledge of web application vulnerabilities, as well as some manual configuration in order to get legitimate results.

I

Upvotes: 2

opensas

Reputation: 63485

Looking for a similar question at SO, I've found this site that lists several tools:

http://labs.securitycompass.com/exploit-me/

http://www.dwheeler.com/flawfinder/#othertools

Upvotes: 0
