Saturday, June 10, 2006

SQL Injection Scanner

Finally found a sql injection scanner that would help u secure ur sql better by listing out its vulnerabilities. you can download a free trail or request a free security audit. the service scans for SQL Injections, Cross Site Scripting and other Web Vulnerabilities [ SQL Injection is a hacking technique which modifies SQL commands in order to gain access to data in the database. Cross site scripting attacks allow a hacker to execute a malicious script on your visitor´s browser.] other vulnerabilities it scans for:

  • CRLF injection attacks
  • Code execution attacks
  • Directory traversal attacks
  • File inclusion attacks
  • Authentication attacks
  • & More…

Resources:

Read whitepapers & articles about Web application security

  • SQL injection : SQL injection is a hacking technique which attempts to pass SQL commands through a web application for execution by a backend database.
  • Cross site scripting : Cross Site Scripting (also known as XSS or CSS) generally occurs when a dynamic web page gathers malicious data from a user and displays the input on the page without it being properly validated.
  • CRLF Injection : A CRLF Injection occurs when a hacker manages to inject CRLF Commands into the system.
  • Directory traversal : Directory Traversal is an HTTP exploit which allows attackers to access restricted directories and execute commands outside of the web server's root directory.
  • Authentication hacking : Authentication hacking is a term used when the attacker breaks into the system by proving to the application that he is a known and valid user, the attacker gains access to whatever privileges the administrator assigned that user.
  • Google hacking : Google hacking is the term used when a hacker tries to find exploitable targets and sensitive data by using search engines.

A Must Audit for all Web Apps!
www.acunetix.com/sql-injection/