开发者

html security profiling tools [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered 开发者_JS百科with facts and citations.

Closed 2 years ago.

Improve this question

I am developing a site and i am using yslow to profile speed and stats, webdeveloper for html and css validation, etc.

What can i use to check for security mistakes?


For security I recommend the open source wapiti or the commercial Sitewatch.

On a side note, html and css can't really cause security problems. Maybe if you have html links pointing to http content within https could be a problem and Sitewatch will inform you of of these problems.


Review this list.

Obviously what is relevant is your server-side language (so you may want to scan from the WEB side and then an analysis of the server code as well).

This is a significant field of work and research. It's good that you want to perform this type of analysis, and enjoy reviewing and testing all the various available tools :)


You can use free tools like Netsparker Community Edition or Skipfish

You can also refer to this list of free and commercial web app security scanners: http://projects.webappsec.org/w/page/13246988/Web-Application-Security-Scanner-List


Depending on the size of your site you could possibly use a tool called Fortify. It will scan your code for security vulnerabilites. I am sure there are other tools which are similar.


I assume you are familiar with OWASP Top 10 (http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project). You can try rat proxy (http://code.google.com/p/ratproxy/) - it is a security audit tool. Other http/https proxies such as paros also can to some extent detect injection and XSS flaws.

None of these is perfect and so with a good understanding of web application vulnerabilities you can supplement with some manual tests and code inspection.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜