Friday, September 9, 2011

Web Application Security Scanner

Yesterday I stumbled upon a whole range of software I didn't know existed. I've found Netsparker, which can automatically scan a website for vulnerabilities such as SQL Injection and Cross Site Scripting threats. All it needs is the URL to your website, and it searches and exploits every possible interaction with server-side scripts.

There is a Community Edition of Netsparker, which is free but has limited features. Nonetheless, it helped me find *a lot* of SQL Injection and XSS threats on my websites. If you run any type of non-static website, I'd strongly suggest trying out this tool. I am damn glad to have used it.

You might also want to check out the comparison of 60 similar tools in this area.

1 comment:

  1. Just wanted to say thanks for this information. Have been using RegRipper plugins run with a couple of batch scripts I've kludged together, but nothing as 'clean' as this. Really helpful.