skipfish - web security testing

-
SKIPFISH is an automated, active web application security assessment tool.

SKIPFISH can be used to run  a series of tests on a website or web application to help identify potential secuirty risks.

SKIPFISH will classify risks discovered as high, medium and low.

Example risks are

  • Server-side SQL injection 
  • Explicit SQL-like syntax in GET or POST parameters.
  • Server-side shell command injection
  • Server-side XML / XPath injection 
  • Format string vulnerabilities.
  • Integer overflow vulnerabilities.

For more information visit http://code.google.com/p/skipfish/

Comments

  1. UnknownDecember 2, 2016 at 11:36 AM

    Great tool, I heard about it before. I create software that makes life easier, but often I do not have enough strength and energy to test my code, then I turn to him http://www.deviqa.com. I have been collaborating with them, the good guys, quality testing software, is very pleased with their work. They told me about this tool, it is a high quality, as safety is paramount.

    ReplyDelete
  2. mary BrownOctober 29, 2019 at 2:26 AM

    I am glad that I saw this post. It is informative blog for us and we need this type of blog thanks for share this blog, Keep posting such instructional blogs and I am looking forward for your future posts.
    Cyber Security Projects for Final Year

    JavaScript Training in Chennai

    Project Centers in Chennai

    JavaScript Training in Chennai

    ReplyDelete

Post a Comment

Popular posts from this blog

ActiveMQ, easy to use open source message oriented middleware (MOM)

-
ActiveMQ is message oriented middleware (MOM), useful for receiving and processing asynchronous messages (queues or topics). It is easily integrated with Java based applications (and others) via  the JMS API . ActiveQ offers enterprise scale features which may be required when implementing complex distributred systems such as   High availability with failover. Scalability and clustering through a distributed Network of Brokers. Pluggable persistence stores (JDBC, BDB, JDBM, file system). Distributed destinations and XA support. Caching. Connection pooling. Support for cross language clients such as . NET , C++. Support for scripting environments such as Perl, Python, and Ruby. Multiple Transport layers ( TCP , UDP, multicast, NIO, SSL , Zeroconf, JXTA, JGroups). Download at http://activemq.apache.org/
Read more

Basic Send Message to MQ with Java and IBM MQ JMS

-
package my.mq.samples;   import javax.jms.JMSException; import javax.jms.Session; import javax.jms.TextMessage; import com.ibm.mq.jms.MQQueue; import com.ibm.mq.jms.MQQueueConnection; import com.ibm.mq.jms.MQQueueConnectionFactory; import com.ibm.mq.jms.MQQueueSender; import com.ibm.mq.jms.MQQueueSession; import com.ibm.msg.client.wmq.WMQConstants; public class MQSend {     public static void main(String[] args) { try { MQQueueConnectionFactory cf = new MQQueueConnectionFactory(); cf.setHostName("localhost"); cf.setPort(1414);       cf.setIntProperty(WMQConstants.WMQ_CONNECTION_MODE, WMQConstants.WMQ_CM_CLIENT); cf.setQueueManager("QM_GRIDSERVER"); cf.setChannel("SYSTEM.ADMIN.SVRCONN");       MQQueueConnection connection = (MQQueueConnection) cf.createQueueConnection(); //MQQueueConnection connection = (MQQueueConnection) cf.createQueueConnection("username","password");  
Read more

MySQL Error Invalid Table or Database Name

-
We upgraded our MySQL server recently which ran several Joomla web sites After the upgrade we discovered the following error in the mysql log files 090425 23:10:52 [ERROR] Invalid (old?) table or database name 'database-name' It turns out MySQL does not like the use of - in database names. One solution is to rename the MySQL database changing the - to an _ Then update the mysql dictionary UPDATE mysql.db SET Db = 'database_name' WHERE Db = 'database\-name'; FLUSH PRIVILEGES;
Read more