
vulnerability scanners

Posted: Thu Aug 13, 2009 1:56 pm
by chidge
Hi all

I am getting to the end of a mammoth creation and learning curve of creating a PHP, JavaScript and MySQL dynamic site with hand-made CMS and public user input in the form of comments throughout the site.

I have many good books and have taken all the security measures mentioned but now I want to run a vulnerability scanner over my work to catch anything I have missed.

Money is tight so does anyone know of or can recommend some great open source vulnerability scanners to test my site on my dev server before I set it free into the wild?

Many thanks in advance for any advice/recommendations

I have come across these two

http://grendel-scan.com/

http://portswigger.net/

Re: vulnerability scanners

Posted: Sat Aug 15, 2009 2:26 am
by kaisellgren
I know and I have tested lots of different vulnerability scanners. They are all crap. No automatic scanner can match human brains. You need to either learn to make secure code or get someone else to evaluate your code.

Re: vulnerability scanners

Posted: Sat Aug 15, 2009 4:49 am
by webmonkey88
The one that really does the damage is MySQL injection. Make sure you escape all your SQL, and if you have a forum make sure they can't post JavaScript.
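
One way to apply the two points raised in this thread to a PHP comment feature, as an added example that is not part of any post: it binds values with PDO prepared statements (used here in place of manual escaping) and HTML-encodes comments when they are rendered. SQLite in memory stands in for MySQL so the script runs offline; the table and function names are hypothetical.

```php
<?php
// Added example, not from the thread. SQLite in memory stands in for MySQL
// so the script runs offline; table and function names are hypothetical.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Store the comment exactly as submitted. The placeholders keep the values
// out of the SQL text, so quotes in the input cannot change the statement.
function add_comment(PDO $db, string $author, string $body): void
{
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
}

// Encode at output time, for the HTML context the value is written into.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_comments(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT author, body FROM comments ORDER BY id') as $row) {
        $html .= '<div class="comment"><strong>' . h($row['author']) . '</strong>: '
               . h($row['body']) . "</div>\n";
    }
    return $html;
}

// Constructed sample input: one value with SQL metacharacters, one script tag.
add_comment($db, "O'Brien", "Nice post'); DROP TABLE comments; --");
add_comment($db, 'mallory', '<script>alert(1)</script>');

$count = (int) $db->query('SELECT COUNT(*) FROM comments')->fetchColumn();
echo "rows stored: $count\n";
echo render_comments($db);
```

Against a real MySQL server, the same code works with a `mysql:` DSN; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the driver use server-side prepared statements.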