| Thursday May 26th 2016

Scan for SQL/XSS Injection Vulnerabilities Using “Exploit-Me” Firefox Add-on Suite

Security Compass SQL Inject Me Firefox pluginSo you have been coding a new CMS for your site… making every effort to make sure any/all user inputted data is escaped properly, but you still would like to remain paranoid and scan for vulnerabilities. We don’t blame you. sqlmap has been around for awhile, but now there are other choices.

Take a look at SQL Inject-Me from the Exploit-Me Firefox Add-on Suite from the Security Compass site. (Please download Firefox from the link to the left if you don’t have it already.) SQL Injection vulnerabilities can cause a lot of damage to a web application. A malicious user can possibly view records, delete records, drop tables or gain access to your server. SQL Inject-Me opens a nice tool GUI and lets you manually test individual (or just launch a ton of) SQL injection attacks against all forms on a given web page. Sure, it’s not a 100% solution, but works for your average user/code-monkey or any developer on a budget.

While you’re there, also take a look at XSS-Me to help guard against Cross-Site Scripting (XSS) attacks. Cross-Site Scripting is a common flaw found in today’s web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws.

The suite also includes the Access-Me Add-on for all 4 developers that still use Access… (LOL)

Exploit-Me Suite

Related Posts: On this day...

Leave a Reply

You must be logged in to post a comment.