You may want to try RSnake's SQL Injection Cheat Sheet, available here: <http://ha.ckers.org/sqlinjection/>.
He also has a XSS Cheat Sheet that you can find on the same site.
Hope
that helps!
--
Eugene
http://eugenekogan.net
--- IRM" <irm_at_iinet.net.au
wrote:
Dear all,
>
> Excuse me for this basic question. Just wondering
in regards to the SQL
> injection, is it sufficient to insert the input with
"1=1--" to test
> whether a site is vulnerable to the SQL injection? How
much level of
> assurance can we get by testing the SQL injection limited
to "1=1--"?
>
> If I am not wrong I guess most of the security aspects
in Web
> application are mainly around input validation. So I was wondering
is
> there any free open source software to automate all the input? Or maybe
> a list of stuff that usually need to test? Say SQL Injection or XSS? Is
> there a list of parameters kind of cheat sheet?
>
> John,
-------------------------------------------------------------------------
Sponsored by: Watchfire
Securing a web application goes far beyond testing the application using
manual processes, or by using automated systems and tools. Watchfire's
"Web Application Security: Automated Scanning or Manual Penetration
Testing?" whitepaper examines a few vulnerability detection methods -
specifically comparing and contrasting manual penetration testing with
automated scanning tools. Download it today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fH6
--------------------------------------------------------------------------
Received on Feb 25 2007
Intro
