So you think your web app is vulnerable. How do you find out more using automated tools? Let's start with the freely available ones.
1) Nikto.
On FreeBSD,
cd /usr/ports/security/nikto && make install clean && rehash
nikto -update
nikto -host http://yourserver
You're looking for 0 errors.
2) Netsparker Community Edition for Windows
Download it here. Unlike some other free scanners, this can detect SQL Injections as well as XSS attacks. Highly useful.
3) N-Stalker Free Edition.
Download it here. It is limited to a maximum of 500 pages and has a reduced number of rules compared to the paid edition.