
Webmaster General Forum

    
Vulnerability scanners to see if my site is hackable?
jake66




msg:4094370
 11:06 pm on Mar 9, 2010 (gmt 0)

Is there anything out there similar to Xenu Link Sleuth, only one that will scan my site for SQL injection vulnerabilities and other attacks?

So far the only programs I came across were pay-only, which is fine; but I want to see the program uninhibited before I drop money on it.

The best one I found so far was Acunetix Web Security Scanner -- but they don't allow me to test for SQL injections unless I have the pay version.

 

webcreationuk




msg:4096027
 4:40 am on Mar 12, 2010 (gmt 0)

Have you tried Scrawlr? It is developed by HP Web Security Research Group in coordination with Microsoft Security Response Center, and that's what its job is: it crawls a website and searches for SQL injection vulnerabilities.

JS_Harris




msg:4097244
 4:30 am on Mar 14, 2010 (gmt 0)

SQL injection sounds scary but it doesn't have to be scary. Take a look at your site, find all of the places that allow user input like search boxes and account logins, and see if you can type code into the box. See if you can type base64 encoded commands etc. Test those areas yourself to see if the URL changes, an error code is returned or something other than an error page is returned.

If I type in GOGOGOGO into your forum login box for example and press enter... I shouldn't then see example.com/forums/GOGOGOGO as the URL.

There's not much an automated SQL injection test will catch that you can't on your own once you know what to look for; ultimately you want to be able to watch your own back, so to speak.

I know of two really good scanners but I think it's against TOS to post recommendations here.

jake66




msg:4097280
 6:20 am on Mar 14, 2010 (gmt 0)

Yep, tried out Scrawlr and found no threats. I would like something that functions with more details and/or also does other threats.
I do try to test my own scripts myself, but you can never be too safe nowadays.

A pay program is not a problem, but I want at least 1 unlimited free trial to get a feel if it's what I'm looking for, or not.

JS_Harris, would it be possible to sticky me a link?
