skipfish - web security testing

-
SKIPFISH is an automated, active web application security assessment tool.

SKIPFISH can be used to run  a series of tests on a website or web application to help identify potential secuirty risks.

SKIPFISH will classify risks discovered as high, medium and low.

Example risks are

  • Server-side SQL injection 
  • Explicit SQL-like syntax in GET or POST parameters.
  • Server-side shell command injection
  • Server-side XML / XPath injection 
  • Format string vulnerabilities.
  • Integer overflow vulnerabilities.

For more information visit http://code.google.com/p/skipfish/

Comments

  1. Thomas BurdickDecember 2, 2016 at 11:36 AM

    Great tool, I heard about it before. I create software that makes life easier, but often I do not have enough strength and energy to test my code, then I turn to him http://www.deviqa.com. I have been collaborating with them, the good guys, quality testing software, is very pleased with their work. They told me about this tool, it is a high quality, as safety is paramount.

    ReplyDelete

Post a Comment

Popular posts from this blog

Basic Send Message to MQ with Java and IBM MQ JMS

-
package my.mq.samples;

import javax.jms.JMSException;
import javax.jms.Session;
import javax.jms.TextMessage;

import com.ibm.mq.jms.MQQueue;

import com.ibm.mq.jms.MQQueueConnection;
import com.ibm.mq.jms.MQQueueConnectionFactory;
import com.ibm.mq.jms.MQQueueSender;
import com.ibm.mq.jms.MQQueueSession;
import com.ibm.msg.client.wmq.WMQConstants;

public class MQSend {

public static void main(String[] args)
{
try {
MQQueueConnectionFactory cf = new MQQueueConnectionFactory();
cf.setHostName("localhost");
cf.setPort(1414);

cf.setIntProperty(WMQConstants.WMQ_CONNECTION_MODE, WMQConstants.WMQ_CM_CLIENT);

cf.setQueueManager("QM_GRIDSERVER");
cf.setChannel("SYSTEM.ADMIN.SVRCONN");

MQQueueConnection connection = (MQQueueConnection) cf.createQueueConnection();
//MQQueueConnection connection = (MQQueueConnection) cf.createQueueConnection("username","password");

MQQueueSession session = (MQQueueSession) connection.createQueueSession(false, Session.AUTO_ACKN…
Read more

Basic Receive Message to MQ with Java and IBM MQ JMS

-
package my.mq.samples;

import javax.jms.JMSException;
import javax.jms.Session;
import javax.jms.TextMessage;
import com.ibm.mq.jms.MQQueue;
import com.ibm.mq.jms.MQQueueConnection;
import com.ibm.mq.jms.MQQueueConnectionFactory;
import com.ibm.mq.jms.MQQueueReceiver;
import com.ibm.mq.jms.MQQueueSession;
import com.ibm.msg.client.wmq.WMQConstants;

public class MQReceive {

public static void main(String[] args)
{
try {
MQQueueConnectionFactory cf = new MQQueueConnectionFactory();
cf.setHostName("localhost");
cf.setPort(1414);

cf.setIntProperty(WMQConstants.WMQ_CONNECTION_MODE, WMQConstants.WMQ_CM_CLIENT);

cf.setQueueManager("QM_GRIDSERVER");
cf.setChannel("SYSTEM.ADMIN.SVRCONN");

MQQueueConnection connection = (MQQueueConnection) cf.createQueueConnection();
//MQQueueConnection connection = (MQQueueConnection) cf.createQueueConnection("username","password");

MQQueueSession session = (MQQueueSession) connection.createQueueSession(false, Session.AUTO…
Read more

Configure Database Connection using MyBatis

-
Step 1: Create a propertiese file and store the relevant MySQL connection details here.

In my case the config.properties file contains the following
username=mysqluser
password=1234mysql
url=jdbc:mysql://localhost/bankrecords
driver=com.mysql.jdbc.Driver

Step 2: Create a configuration.xml file, this should contain all the required information needed to connect to your MySQL instance.  you need to reference the above propertiese file in the XML config file.

< ?xml version="1.0" encoding="UTF-8" ?>
< !DOCTYPE configuration PUBLIC "-//mybatis.org//DTD Config 3.0//EN" "http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>
<properties resource="config.properties" />
<environments default="staging">
<environment id="staging">
<transactionManager type="JDBC"/>
<dataSource type="POOLED">
<property name="driver" value="${driver}"/>
<…
Read more