2

Possible Duplicate:
Preparing an ASP.Net website for penetration testing

How do I test an already built website against user attacks? I have a Process Management System developed in .NET; now, before putting it into the production environment, I want to test it via a series of attacks.

I would appreciate it if someone could share some common attacks that are commonly applied to web applications. I know some, such as unauthorized access, URL embedded attacks, SQL injection and so on.

Please share your experiences and recommendation, thank you.

newbi

1 Answer

3

Checklist:

Web Application Security Guide/Checklist

Many free tools are available; you can try out these:

  • Netsparker: Netsparker Community Edition is a SQL Injection Scanner.
  • Websecurify
  • Watcher: Watcher is a Fiddler addon which aims to assist penetration testers in passively finding Web-application vulnerabilities.
  • Wapiti: Web application vulnerability scanner / security auditor
  • N-Stalker
  • skipfish: Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
  • Scrawlr
  • x5s: x5s is a Fiddler addon which aims to assist penetration testers in finding cross-site scripting vulnerabilities. Its main goal is to help you identify the hotspots where XSS might occur by: 1. Detecting where safe encodings were not applied to emitted user-inputs. 2. Detecting where Unicode character transformations might bypass security filters. 3. Detecting where non-shortest UTF-8 encodings might bypass security filters.
  • Exploit-Me: Exploit-Me is a suite of Firefox web application security testing tools designed to be lightweight and easy to use.

Free Web Application Security Testing Tools

Kapil Khandelwal
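
The third check in the x5s description above (non-shortest UTF-8 encodings that might bypass security filters) can also be enforced on the input side before any filter runs. The following is an added example, not part of the original answer and not code from x5s; the function name and the sample byte strings are constructed for illustration.

```python
# Added example: flag non-shortest ("overlong") UTF-8 sequences in raw input
# bytes so they can be rejected before any filtering or decoding happens.
# Function name and samples are hypothetical, constructed for this page.

def find_overlong_utf8(data: bytes):
    """Return (offset, raw_bytes, decoded_char) for each overlong sequence."""
    findings = []
    i = 0
    while i < len(data):
        b = data[i]
        if b < 0x80:                      # plain ASCII is always shortest form
            i += 1
            continue
        # Lead byte -> (sequence length, payload mask, smallest code point
        # that legitimately needs a sequence of this length)
        if b & 0xE0 == 0xC0:
            length, mask, minimum = 2, 0x1F, 0x80
        elif b & 0xF0 == 0xE0:
            length, mask, minimum = 3, 0x0F, 0x800
        elif b & 0xF8 == 0xF0:
            length, mask, minimum = 4, 0x07, 0x10000
        else:                             # stray continuation / invalid lead
            i += 1
            continue
        seq = data[i:i + length]
        # Every trailing byte must be a continuation byte (10xxxxxx)
        if len(seq) < length or any(c & 0xC0 != 0x80 for c in seq[1:]):
            i += 1
            continue
        cp = b & mask
        for c in seq[1:]:
            cp = (cp << 6) | (c & 0x3F)
        if cp < minimum:                  # fits a shorter form: overlong
            findings.append((i, seq, chr(cp)))
        i += length
    return findings

# Constructed samples: angle brackets in 2-byte overlong form, and a clean
# string containing a legitimate 2-byte character (U+00E9).
SAMPLE_OVERLONG = b"q=\xc0\xbcb\xc0\xbe"
SAMPLE_CLEAN = "q=caf\u00e9 <b>".encode("utf-8")

if __name__ == "__main__":
    for sample in (SAMPLE_OVERLONG, SAMPLE_CLEAN):
        print(sample, "->", find_overlong_utf8(sample))
```

A strict decoder such as Python's `bytes.decode("utf-8")` already refuses these sequences; the scanner is useful when you need to log the offset and the character the sequence would have decoded to.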