开发者

Security vulnerability testing tool for .NET web applications? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.

Closed 7 years ago.

Improve this question

I am planning to check my website against all common security vulnerabilities like cross site scripting ,sql injection etc. Can somebody tell me is there any automated tool which I can run for my .net web app and find all security flaws exist. I tried CAt.net but it is not able to support big apps. i saw abt owsap but againt it is also not a开发者_Go百科utomated one. I am looking for something which can tell me file name and method name etc.


There are a few free tools for automated vulnerability discovery.

Skipfish - open source automated web application scanner http://code.google.com/p/skipfish/ Actively developed and maintained

GrendelScan - open source automated web application scanner http://grendel-scan.com/

Netsparker Community Edition http://www.mavitunasecurity.com/communityedition/ Free, limited version of Netsparker

RatProxy Non-intercepting proxy that performs vuln discovery http://code.google.com/p/ratproxy/

Here are a few to get you started.

The best approach is to perform manual testing and use automated testing to cover 'low-hanging fruit' scenarios.


Give Skipfish a try. It takes a little bit extra effort to install it on windows (you have to use Cygwin), but it's a pretty solid tool.


CAT.NET is helpful, but only when run as a command line for large applications. Using the visual studio plugin, I cant get it to run for crap on larger projects either.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜