On Sat, 24 Feb 2007, IRM wrote:
Dear all,
Excuse me for this basic question. Just wondering in regards to the SQL
injection, is it sufficient to insert the input with "1=1--" to test
whether a site is vulnerable to the SQL injection? How much level of
assurance can we get by testing the SQL injection limited to "1=1--"?
The short answer is no. For instance, you may have an app that does not
return an error message but is exploitable to blind SQL injection.
If I am not wrong I guess most of the security aspects in Web
application are mainly around input validation. So I was wondering is
there any free open source software to automate all the input?
You are likely to miss vulnerabilities if you solely rely on automated
scanners. There are lots of tools out there to help automate some of the
work. When testing for Web App vulnerabilities you will need a good web
proxy. Take a look at Paros, which might help you automate some of the
input validation testing too.
Or maybe
a list of stuff that usually need to test? Say SQL Injection or XSS? Is
there a list of parameters kind of cheat sheet?
There are lots of lists out there. You may want to take a look at:
http://ha.ckers.org/xss.html
http://ha.ckers.org/sqlinjection/
--
- Josh
-------------------------------------------------------------------------
Sponsored by: Watchfire
Securing a web application goes far beyond testing the application using
manual processes, or by using automated systems and tools. Watchfire's
"Web Application Security: Automated Scanning or Manual Penetration
Testing?" whitepaper examines a few vulnerability detection methods -
specifically comparing and contrasting manual penetration testing with
automated scanning tools. Download it today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fH6
--------------------------------------------------------------------------
