Web application security is one of the key point to measure the security of a company profile. Website is very important, if the website is personal or if you are responsible for the website of your client, in both cases you must be careful about the security of the website. It is a good practice to be update to secure from exploitation but what about application layer security.
You must do a penetration testing on web application to find the vulnerabilities like, SQL-injection, XSS and others.
There are so many tools that has been discussed before but there is another good tool called WebSurgery, WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with the web application planning and exploitation. Currently, it uses an efficient, fast and stable Web Crawler, File/Dir Bruteforcer and Fuzzer for advanced exploitation of known and unusual vulnerabilities such as SQL Injections, Cross site scripting (XSS), brute-force for login forms, identification of firewall-filtered rules etc.
It has different tools built in to make the test efficient and less time consuming. It is available for windows but by using wine you can run it on Linux. The small description of the tools as below:
- Web Crawler: WEB Crawler was designed to be fast, accurate, stable, completely parametrable and the use of advanced techniques to extract links from Javascript and HTML Tags.
- WEB Bruteforcer: WEB Bruteforcer is a brute forcer for files and directories within the web application which helps to identify the hidden structure.
- WEB Fuzzer: WEB Fuzzer is a more advanced tool to create a number of requests based on one initial request. Fuzzer has no limits and can be used to exploit known vulnerabilities such (blind) SQL Inections and more unsual ways such identifing improper input handling and firewall/filtering rules.
0 comments:
Post a Comment