Security vulnerability testing tool for .NET web applications? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

---

We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.

Closed 7 years ago.

Improve this question

I am planning to check my website against all common security vulnerabilities like cross site scripting ,sql injection etc. Can somebody tell me is there any automated tool which I can run for my .net web app and find all security flaws exist. I tried CAt.net but it is not able to support big apps. i saw abt owsap but againt it is also not a开发者_Go百科utomated one. I am looking for something which can tell me file name and method name etc.

---

There are a few free tools for automated vulnerability discovery.

Skipfish - open source automated web application scanner http://code.google.com/p/skipfish/ Actively developed and maintained

GrendelScan - open source automated web application scanner http://grendel-scan.com/

Netsparker Community Edition http://www.mavitunasecurity.com/communityedition/ Free, limited version of Netsparker

RatProxy Non-intercepting proxy that performs vuln discovery http://code.google.com/p/ratproxy/

Here are a few to get you started.

The best approach is to perform manual testing and use automated testing to cover 'low-hanging fruit' scenarios.

---

Give Skipfish a try. It takes a little bit extra effort to install it on windows (you have to use Cygwin), but it's a pretty solid tool.

---

CAT.NET is helpful, but only when run as a command line for large applications. Using the visual studio plugin, I cant get it to run for crap on larger projects either.