Finally found a sql injection scanner that would help u secure ur sql better by listing out its vulnerabilities. you can download a free trail or request a free security audit. the service scans for SQL Injections, Cross Site Scripting and other Web Vulnerabilities [ SQL Injection is a hacking technique which modifies SQL commands in order to gain access to data in the database. Cross site scripting attacks allow a hacker to execute a malicious script on your visitor´s browser.] other vulnerabilities it scans for:
- CRLF injection attacks
- Code execution attacks
- Directory traversal attacks
- File inclusion attacks
- Authentication attacks
- & More…
Resources:
Read whitepapers & articles about Web application security
- SQL injection : SQL injection is a hacking technique which attempts to pass SQL commands through a web application for execution by a backend database.
- Cross site scripting : Cross Site Scripting (also known as XSS or CSS) generally occurs when a dynamic web page gathers malicious data from a user and displays the input on the page without it being properly validated.
- CRLF Injection : A CRLF Injection occurs when a hacker manages to inject CRLF Commands into the system.
- Directory traversal : Directory Traversal is an HTTP exploit which allows attackers to access restricted directories and execute commands outside of the web server's root directory.
- Authentication hacking : Authentication hacking is a term used when the attacker breaks into the system by proving to the application that he is a known and valid user, the attacker gains access to whatever privileges the administrator assigned that user.
- Google hacking : Google hacking is the term used when a hacker tries to find exploitable targets and sensitive data by using search engines.
A Must Audit for all Web Apps!
www.acunetix.com/sql-injection/
No comments:
Post a Comment