WebApp Sec: Re: SQL Injection and XSS testing,

From: Josh Zlatin-Amishav <josh_at_ramat.cc>
Date: Sun, 25 Feb 2007 13:47:30 +0200 (IST)

On Sat, 24 Feb 2007, IRM wrote:

> Dear all,
>
> Excuse me for this basic question. Just wondering in regards to the SQL
> injection, is it sufficient to insert the input with "1=1--" to test
> whether a site is vulnerable to the SQL injection? How much level of
> assurance can we get by testing the SQL injection limited to "1=1--"?

The short answer is no. For instance, you may have an app that does not
return an error message but is exploitable via blind SQL injection.

>
> If I am not wrong I guess most of the security aspects in Web
> application are mainly around input validation. So I was wondering is
> there any free open source software to automate all the input?

You are likely to miss vulnerabilities if you solely rely on automated
scanners. There are lots of tools out there to help automate some of the
work. When testing for Web App vulnerabilities you will need a good web
proxy. Take a look at Paros, which might help you automate some of the
input validation testing too.

> Or maybe
> a list of stuff that usually need to test? Say SQL Injection or XSS? Is
> there a list of parameters kind of cheat sheet?

There are lots of lists out there. You may want to take a look at:
http://ha.ckers.org/xss.html
http://ha.ckers.org/sqlinjection/

--
  - Josh
Received on Feb 25 2007
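
Added example, not part of the original post: a minimal Python/sqlite3 sketch of the point made in the reply, that an application can hide database errors and still evaluate input as SQL. The `items` table, the two page functions and both check functions are hypothetical names constructed for this illustration; the hardened form uses a bound parameter.

```python
import sqlite3

def make_db():
    # Constructed sample data for the illustration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [(1, "widget"), (2, "gadget")])
    return db

def page_vulnerable(db, item_id):
    # Input is concatenated into the statement. Database errors are
    # swallowed, so the client never sees an error message.
    try:
        row = db.execute(
            "SELECT name FROM items WHERE id = " + item_id).fetchone()
    except sqlite3.Error:
        row = None
    return "Item: " + row[0] if row else "Item not found"

def page_hardened(db, item_id):
    # Input is bound as a parameter and only ever compared as a value.
    try:
        row = db.execute(
            "SELECT name FROM items WHERE id = ?", (item_id,)).fetchone()
    except sqlite3.Error:
        row = None
    return "Item: " + row[0] if row else "Item not found"

def error_check(page, db):
    # The single-probe test from the question: send "1=1--" and look
    # for a database error in the response body.
    body = page(db, "1=1--").lower()
    return any(marker in body for marker in ("sql", "syntax", "error"))

def differential_check(page, db):
    # Compare the responses to a true and a false condition appended to
    # a valid id. A difference means the input is evaluated as SQL.
    return page(db, "1 AND 1=1") != page(db, "1 AND 1=2")

if __name__ == "__main__":
    for name, page in (("vulnerable", page_vulnerable),
                       ("hardened", page_hardened)):
        print(name,
              "error_check:", error_check(page, make_db()),
              "differential_check:", differential_check(page, make_db()))
```

The error-based check reports nothing for either page, while the differential check separates the concatenating page from the parameterized one.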