
Vulnerability scanners to see if my site is hackable?


jake66

11:06 pm on Mar 9, 2010 (gmt 0)

5+ Year Member



Is there anything out there similar to Xenu Link Sleuth, only one that will scan my site for SQL injection vulnerabilities and other attacks?

So far the only programs I came across were pay-only, which is fine; but I want to see the program uninhibited before I drop money on it.

The best one I found so far was Acunetix Web Security Scanner -- but they don't allow me to test for SQL injections unless I have the pay version.

webcreationuk

4:40 am on Mar 12, 2010 (gmt 0)

5+ Year Member



Have you tried Scrawlr? It is developed by the HP Web Security Research Group in coordination with the Microsoft Security Response Center, and that's exactly its job: it crawls a website and searches for SQL injection vulnerabilities.

JS_Harris

4:30 am on Mar 14, 2010 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



SQL injection sounds scary, but it doesn't have to be. Take a look at your site, find all of the places that allow user input, like search boxes and account logins, and see if you can type code into the box. See if you can type base64-encoded commands, etc. Test those areas yourself to see if the URL changes, an error code is returned, or something other than an error page is returned.

If I type GOGOGOGO into your forum login box, for example, and press enter... I shouldn't then see example.com/forums/GOGOGOGO as the URL.

There's not much an automated SQL injection test will catch that you can't on your own once you know what to look for; ultimately you want to be able to watch your own back, so to speak.

I know of two really good scanners, but I think it's against the TOS to post recommendations here.
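The manual check described in the post above, written out as an added example that is not part of the thread or of any scanner it mentions. It builds an in-memory SQLite table with one constructed account, puts a login written by string concatenation next to one written with query placeholders, and runs a small self-check that flags the two symptoms the post tells you to watch for: a SQL error, or a login that succeeds without valid credentials. The table, account and function names are assumptions made for this illustration.

```python
"""Added example: the 'type odd input into the box' check, run against your own
login code. Not the thread's code; table/account/function names are assumed."""
import sqlite3


def make_db():
    """Constructed sample database: one user, one (plaintext, for brevity) password."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_concat(conn, name, password):
    """Vulnerable pattern: user input is pasted into the SQL text, so a quote
    in the input changes the structure of the query itself."""
    sql = (f"SELECT name FROM users "
           f"WHERE name = '{name}' AND password = '{password}'")
    row = conn.execute(sql).fetchone()   # may raise sqlite3.OperationalError
    return row[0] if row else None


def login_param(conn, name, password):
    """Hardened pattern: placeholders. The driver hands the input to the engine
    as values, never as SQL, so quotes are just characters in a string."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    row = conn.execute(sql, (name, password)).fetchone()
    return row[0] if row else None


def self_check(login):
    """Feed constructed odd inputs to a login function as the password for a
    real account and report anything that should never happen: a SQL error
    (the input reached the parser) or a successful login with a bogus password."""
    conn = make_db()
    probes = ["GOGOGOGO", "o'neil", "' OR '1'='1"]   # constructed test inputs
    findings = []
    for p in probes:
        try:
            who = login(conn, "alice", p)
        except sqlite3.OperationalError as exc:
            findings.append((p, f"SQL error: {exc}"))
            continue
        if who is not None:
            findings.append((p, f"logged in as {who} with a bogus password"))
    return findings


if __name__ == "__main__":
    for fn in (login_concat, login_param):
        print(fn.__name__, "->", self_check(fn) or "no findings")
```

Running it shows the concatenated login failing twice (an apostrophe in an ordinary name breaks the query, and the tautology logs in as alice) while the parameterised login produces no findings for the same inputs. The same loop can be pointed at any function of yours that turns a form field into a query; an error surfacing from the database layer is the signal to look for, exactly as the post says.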

jake66

6:20 am on Mar 14, 2010 (gmt 0)

5+ Year Member



Yep, tried out Scrawlr and found no threats. I would like something that functions with more detail and/or also covers other threats.
I do try to test my own scripts myself, but you can never be too safe nowadays.

A pay program is not a problem, but I at least want one unlimited free trial to get a feel for whether it's what I'm looking for or not.

JS_Harris, would it be possible to sticky me a link?