Application for testing security?

Does anyone know of a program (preferably online) that I can point at my website and test it for SQL injections, XSS attacks, anti-automated input, session hijacking, etc.?

An application will not be able to catch all so it’s much better checking this yourself. Having an application doing a full site sqli/xss scan with all vectors will take ages.

If you are using parameterized queries and escaping all data in templates/views there should be no problems.

SQLi: look for queries with variables in them, and remove the variables as they are a security risk.
XSS: escape all data on output. Remember to be very strict when outputting data into JavaScript.

For searches you could use Acunetix or Nessus, or any of the other tools made for this. You’ll find dozens on Google :)

Qualys has a free online scanner, but I never used it…
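
The two checks discussed in the thread (parameterized queries, and escaping on output with extra care inside JavaScript), as an added example that is not from any poster here. It assumes Python with an in-memory SQLite database; the table, function names and sample inputs are constructed for illustration.

```python
import html
import json
import sqlite3

def make_db():
    # Constructed sample data, held in memory only
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def find_concat(db, name):
    # Weak: the variable is pasted into the SQL text, so input can alter the query
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_param(db, name):
    # Parameterized: the value is bound separately and is only ever treated as data
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def to_html(value):
    # HTML body or quoted-attribute context
    return html.escape(value, quote=True)

def to_js_literal(value):
    # Inline <script> context: HTML escaping is the wrong tool here.
    # JSON-encode, then escape characters that could end the script element.
    out = json.dumps(value)
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026")):
        out = out.replace(ch, esc)
    return out

if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"              # constructed test input
    print("concatenated:", find_concat(db, probe))
    print("parameterized:", find_param(db, probe))
    print("html:", to_html("<b>hi</b>"))
    print("js:  var q = " + to_js_literal("</script>") + ";")
```

When reviewing your own code, every query shaped like `find_concat` is a finding, and every value written into a page should pass through the escaper that matches the context it lands in.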
