Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: RE: SQL Injection and XSS testing,

RE: SQL Injection and XSS testing,

From: WebAppSec <webappsec_at_technicalinfo.net>
Date: Sat, 24 Feb 2007 21:54:54 -0500

You should check out the paper at
http://www.niscc.gov.uk/docs/secureWebApps.pdf

It was originally a Blackhat training course developed by NGS Software, and
now made available to everyone via NISCC. It covers web application testing
methodologies around cross-site scripting and SQL Injection.

-----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com] On
Behalf Of IRM
Sent: Friday, February 23, 2007 6:13 PM
To: webappsec_at_securityfocus.com
Subject: SQL Injection and XSS testing,

Dear all,

Excuse me for this basic question. Just wondering in regards to the SQL
injection, is it sufficient to insert the input with "1=1--" to test
whether a site is vulnerable to the SQL injection? How much level of
assurance can we get by testing the SQL injection limited to "1=1--"?

If I am not wrong I guess most of the security aspects in Web
application are mainly around input validation. So I was wondering is
there any free open source software to automate all the input? Or maybe
a list of stuff that usually need to test? Say SQL Injection or XSS? Is
there a list of parameters kind of cheat sheet?

John,

-------------------------------------------------------------------------
Sponsored by: Watchfire

Securing a web application goes far beyond testing the application using
manual processes, or by using automated systems and tools. Watchfire's
"Web Application Security: Automated Scanning or Manual Penetration
Testing?" whitepaper examines a few vulnerability detection methods -
specifically comparing and contrasting manual penetration testing with
automated scanning tools. Download it today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fH6
--------------------------------------------------------------------------

-------------------------------------------------------------------------
Sponsored by: Watchfire

Securing a web application goes far beyond testing the application using
manual processes, or by using automated systems and tools. Watchfire's
"Web Application Security: Automated Scanning or Manual Penetration
Testing?" whitepaper examines a few vulnerability detection methods -
specifically comparing and contrasting manual penetration testing with
automated scanning tools. Download it today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fH6
--------------------------------------------------------------------------
Received on Feb 25 2007

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos