skipfish - web security testing

-
SKIPFISH is an automated, active web application security assessment tool.

SKIPFISH can be used to run  a series of tests on a website or web application to help identify potential secuirty risks.

SKIPFISH will classify risks discovered as high, medium and low.

Example risks are

  • Server-side SQL injection 
  • Explicit SQL-like syntax in GET or POST parameters.
  • Server-side shell command injection
  • Server-side XML / XPath injection 
  • Format string vulnerabilities.
  • Integer overflow vulnerabilities.

For more information visit http://code.google.com/p/skipfish/

Comments

  1. UnknownDecember 2, 2016 at 11:36 AM

    Great tool, I heard about it before. I create software that makes life easier, but often I do not have enough strength and energy to test my code, then I turn to him http://www.deviqa.com. I have been collaborating with them, the good guys, quality testing software, is very pleased with their work. They told me about this tool, it is a high quality, as safety is paramount.

    ReplyDelete
  2. mary BrownOctober 29, 2019 at 2:26 AM

    I am glad that I saw this post. It is informative blog for us and we need this type of blog thanks for share this blog, Keep posting such instructional blogs and I am looking forward for your future posts.
    Cyber Security Projects for Final Year

    JavaScript Training in Chennai

    Project Centers in Chennai

    JavaScript Training in Chennai

    ReplyDelete
  3. Ana CyberJune 4, 2021 at 11:53 AM

    Ensuring the safety of websites or web applications is essential to prevent any sort of attacks (threats) and unauthorized access. As an information security consultant, I am glad to come across this. Thank you for sharing information about Skipfish. Great blog.

    ReplyDelete
  4. bldforensicsllcSeptember 6, 2021 at 5:09 AM

    I generally want quality content and I found that in your post. The information you have shared about.....is beneficial and significant for us. Keep sharing these kinds of articles here. Thank you. crime scene examination service Los Angeles

    ReplyDelete

Post a Comment

Popular posts from this blog

ActiveMQ, easy to use open source message oriented middleware (MOM)

-
ActiveMQ is message oriented middleware (MOM), useful for receiving and processing asynchronous messages (queues or topics). It is easily integrated with Java based applications (and others) via  the JMS API . ActiveQ offers enterprise scale features which may be required when implementing complex distributred systems such as   High availability with failover. Scalability and clustering through a distributed Network of Brokers. Pluggable persistence stores (JDBC, BDB, JDBM, file system). Distributed destinations and XA support. Caching. Connection pooling. Support for cross language clients such as . NET , C++. Support for scripting environments such as Perl, Python, and Ruby. Multiple Transport layers ( TCP , UDP, multicast, NIO, SSL , Zeroconf, JXTA, JGroups). Download at http://activemq.apache.org/
Read more

Basic Send Message to MQ with Java and IBM MQ JMS

-
package my.mq.samples;   import javax.jms.JMSException; import javax.jms.Session; import javax.jms.TextMessage; import com.ibm.mq.jms.MQQueue; import com.ibm.mq.jms.MQQueueConnection; import com.ibm.mq.jms.MQQueueConnectionFactory; import com.ibm.mq.jms.MQQueueSender; import com.ibm.mq.jms.MQQueueSession; import com.ibm.msg.client.wmq.WMQConstants; public class MQSend {     public static void main(String[] args) { try { MQQueueConnectionFactory cf = new MQQueueConnectionFactory(); cf.setHostName("localhost"); cf.setPort(1414);       cf.setIntProperty(WMQConstants.WMQ_CONNECTION_MODE, WMQConstants.WMQ_CM_CLIENT); cf.setQueueManager("QM_GRIDSERVER"); cf.setChannel("SYSTEM.ADMIN.SVRCONN");       MQQueueConnection connection = (MQQueueConnection) cf.createQueueConnection(); //MQQueueConnection connection = (MQQueueConnection) cf.createQueueConnection("username","password");  
Read more

Automated Service Monitoring with F5, Consul and Python F5 SDK

-
from f5.bigip import ManagementRoot # Connect to BIG-F5 mgmt = ManagementRoot("test.server.com", "testuser", "testpassword") # Get a list of all pools on the BigIP and print their names pools = mgmt.tm.ltm.pools.get_collection() for pool in pools:     print("+++ \t", pool.name)     for member in pool.members_s.get_collection():         print("\t--- \t",  member.name) # Create a HTTP Monitor for an F5 Pool if mgmt.tm.ltm.monitor.https.http.exists(partition='Common', name='F5Automation_HTTP_Monitor'):     print ("HTTP Monitor Already Exists...") else:     mgmt.tm.ltm.monitor.https.http.create(name="F5Automation_HTTP_Monitor", partition="Common") # Load an existing pool and update its description pool_a = mgmt.tm.ltm.pools.pool.load(name='F5Automation', partition='Common') pool_a.description = "F5Automation" pool_a.monitor = "F5Automation_HTTP
Read more