skipfish - web security testing

-
SKIPFISH is an automated, active web application security assessment tool.

SKIPFISH can be used to run  a series of tests on a website or web application to help identify potential secuirty risks.

SKIPFISH will classify risks discovered as high, medium and low.

Example risks are

  • Server-side SQL injection 
  • Explicit SQL-like syntax in GET or POST parameters.
  • Server-side shell command injection
  • Server-side XML / XPath injection 
  • Format string vulnerabilities.
  • Integer overflow vulnerabilities.

For more information visit http://code.google.com/p/skipfish/

Comments

  1. Great tool, I heard about it before. I create software that makes life easier, but often I do not have enough strength and energy to test my code, then I turn to him http://www.deviqa.com. I have been collaborating with them, the good guys, quality testing software, is very pleased with their work. They told me about this tool, it is a high quality, as safety is paramount.

    ReplyDelete

Post a Comment

Popular posts from this blog

Basic Send Message to MQ with Java and IBM MQ JMS

-
package my.mq.samples;

import javax.jms.JMSException;
import javax.jms.Session;
import javax.jms.TextMessage;

import com.ibm.mq.jms.MQQueue;

import com.ibm.mq.jms.MQQueueConnection;
import com.ibm.mq.jms.MQQueueConnectionFactory;
import com.ibm.mq.jms.MQQueueSender;
import com.ibm.mq.jms.MQQueueSession;
import com.ibm.msg.client.wmq.WMQConstants;

public class MQSend {

public static void main(String[] args)
{
try {
MQQueueConnectionFactory cf = new MQQueueConnectionFactory();
cf.setHostName("localhost");
cf.setPort(1414);

cf.setIntProperty(WMQConstants.WMQ_CONNECTION_MODE, WMQConstants.WMQ_CM_CLIENT);

cf.setQueueManager("QM_GRIDSERVER");
cf.setChannel("SYSTEM.ADMIN.SVRCONN");

MQQueueConnection connection = (MQQueueConnection) cf.createQueueConnection();
//MQQueueConnection connection = (MQQueueConnection) cf.createQueueConnection("username","password");

MQQueueSession session = (MQQueueSession) connection.createQueueSession(false, Session.AUTO_ACKN…
Read more

Basic Receive Message to MQ with Java and IBM MQ JMS

-
package my.mq.samples;

import javax.jms.JMSException;
import javax.jms.Session;
import javax.jms.TextMessage;
import com.ibm.mq.jms.MQQueue;
import com.ibm.mq.jms.MQQueueConnection;
import com.ibm.mq.jms.MQQueueConnectionFactory;
import com.ibm.mq.jms.MQQueueReceiver;
import com.ibm.mq.jms.MQQueueSession;
import com.ibm.msg.client.wmq.WMQConstants;

public class MQReceive {

public static void main(String[] args)
{
try {
MQQueueConnectionFactory cf = new MQQueueConnectionFactory();
cf.setHostName("localhost");
cf.setPort(1414);

cf.setIntProperty(WMQConstants.WMQ_CONNECTION_MODE, WMQConstants.WMQ_CM_CLIENT);

cf.setQueueManager("QM_GRIDSERVER");
cf.setChannel("SYSTEM.ADMIN.SVRCONN");

MQQueueConnection connection = (MQQueueConnection) cf.createQueueConnection();
//MQQueueConnection connection = (MQQueueConnection) cf.createQueueConnection("username","password");

MQQueueSession session = (MQQueueSession) connection.createQueueSession(false, Session.AUTO…
Read more

Creating a simple Alert / Success Message with ASP.NET/VB using Bootstrap

-
In your AddContact.aspx page use something like the following

      <div class="row-fluid">
            <div class="span6">
                <h2>New Contact</h2>
            </div>
            <div class="span6">
                <asp:Label ID="AlertWindow" Visible="false" CssClass="alert alert-success" runat="server"></asp:Label>
            </div>
        </div>

And in your AddContact.aspx.vb code use something similar to this.  Basically set the message for the alert window, make the alert window visible and set the approprate css style.  You can make this  alot cleaner with a set of classes to implement bootstrap for ASP.NET.  So this is just an example.

    ......
    ......
    AlertWindow.Visible = True
    Try
        ......
        sSQLQuery = "INSERT INTO......"
        ......
        AlertWindow.Text = "New Contact Added Succes…
Read more