So you have been coding a new CMS for your site… making every effort to make sure any/all user inputted data is escaped properly, but you still would like to remain paranoid and scan for vulnerabilities. We don’t blame you. sqlmap has been around for awhile, but now there are other choices.
Take a look at SQL Inject-Me from the Exploit-Me Firefox Add-on Suite from the Security Compass site. (Please download Firefox from the link to the left if you don’t have it already.) SQL Injection vulnerabilities can cause a lot of damage to a web application. A malicious user can possibly view records, delete records, drop tables or gain access to your server. SQL Inject-Me opens a nice tool GUI and lets you manually test individual (or just launch a ton of) SQL injection attacks against all forms on a given web page. Sure, it’s not a 100% solution, but works for your average user/code-monkey or any developer on a budget.
While you’re there, also take a look at XSS-Me to help guard against Cross-Site Scripting (XSS) attacks. Cross-Site Scripting is a common flaw found in today’s web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws.
The suite also includes the Access-Me Add-on for all 4 developers that still use Access… (LOL)
Related Posts: On this day...
- Bitcoin explained by the Economist - 2011
- GoldenEye Wii Debut Trailer - 2010
- E3 2010: Goldeneye 007 for Wii officially announced! - 2010
- White Berbarian ready to put movie execs in Hurt Locker - 2010
- E3 2010: the 4 things you need to know about Microsoft's press conference - 2010
- Have botnet prices crashed? - 2009
- Top 10 NFL Teams Season Tickets Waiting Lists - 2009