Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Is there any service, or test suite or something which I can run against my site and expose any major security flaws. I don’t expect I’ll need to worry about hackers, but I want to eliminate security risks which can easily be exploited. i.e. SQL injection, cross site scripting etc..
You can use skipfish to detect XSS/SQLi vulnerabilities. It can be pretty hard on servers (brute forcing stuff, generating lots of requests), so you may want to read about its options/flags.
For SQL injection, sqlmap is pretty good in finding and exploiting SQL injections. Definitely worth a try.
I regularly use both of these tools for my penetration tests and they are pretty good at finding meaningful stuff.