WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SQL Injection and XSS testing,

From: eugk.46247649 () bloglines com
Date: 25 Feb 2007 01:19:52 -0000
You may want to try RSnake's SQL Injection Cheat Sheet, available here: <http://ha.ckers.org/sqlinjection/>.
He also has a XSS Cheat Sheet that you can find on the same site.

Hope
that helps!

--
Eugene
http://eugenekogan.net

--- IRM" <irm () iinet net au
wrote:
Dear all,


Excuse me for this basic question. Just wondering

in regards to the SQL

injection, is it sufficient to insert the input with

"1=1--" to test

whether a site is vulnerable to the SQL injection? How

much level of

assurance can we get by testing the SQL injection limited

to "1=1--"?


If I am not wrong I guess most of the security aspects

in Web

application are mainly around input validation. So I was wondering

is

there any free open source software to automate all the input? Or maybe



a list of stuff that usually need to test? Say SQL Injection or XSS? Is



there a list of parameters kind of cheat sheet? 

John,



-------------------------------------------------------------------------
Sponsored by: Watchfire

Securing a web application goes far beyond testing the application using 
manual processes, or by using automated systems and tools. Watchfire's 
"Web Application Security: Automated Scanning or Manual Penetration 
Testing?" whitepaper examines a few vulnerability detection methods - 
specifically comparing and contrasting manual penetration testing with 
automated scanning tools. Download it today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fH6
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: