   Question

Time: 16:41 - Aug 14, 2006     Asked by: Anpanman      Status: Answered      Points: 60   

SQL injections and cross site scripting - how to test and protect against it?

I'm looking for the basic developer rules of thumb and also software to automatically test a website to protect it against SQL injection or XSS.
I'm aware of those issues when I develop a website, but I'm not sure if I get around all the possibilities of testing against it.
I've taken a look at the Acunetix Web Vulnerability Scanner, but I'm not sure if it's worth the money or if there are any other better products out there?

Answer Discussion
I'm going to keep this question open still.
I hope that someone knowledgeable in this field will pass by to answer it.

Expert: Anpanman     Date: Sep 20, 2006     Time: 11:23

 


SQL Injection, Cross-site Scripting & Automated Vulnerability Detection & Evaluation

There are some nice open-source tools you could give a try:

http://www.snort.org/
http://www2006.org/programme/files/xhtml...
http://www.pcre.org/

Otherwise, you might also find something here:

http://www.softwareqatest.com/qatweb1.ht...
http://dmoz.org/Computers/Security/Inter...

Or check my searchrolls at Rollyo for more:

http://rollyo.com/explore.html?rollterm=...

Enjoy. Greetings from Vienna

Expert: bit2bit     Date: Oct 03, 2006     Time: 00:13

 


Great, bit2bit!
Thanks for all the references.

Expert: Anpanman     Date: Oct 03, 2006     Time: 03:44

 


Question Answered

This question has been answered, and points have been awarded to the following experts:

bit2bit: 60



Answer Summary: SQL Injection, Cross-site Scripting & Automated Vulnerability Detection & Evaluation

As the popularity of the web increases and web applications become tools of everyday use, the role of web security has been gaining importance as well. The last years have shown a significant increase in the number of web-based attacks. For example, there has been extensive press coverage of recent security incidences involving the loss of sensitive credit card information belonging to millions of customers. Many web application security vulnerabilities result from generic input validation problems. Examples of such vulnerabilities are SQL injection and Cross-Site Scripting (XSS). Although the majority of web vulnerabilities are easy to understand and to avoid, many web developers are, unfortunately, not security-aware. As a result, there exist many web sites on the Internet that are vulnerable...

http://www.snort.org/
http://www2006.org/programme/files/xhtml...
http://www.pcre.org/
http://www.softwareqatest.com/qatweb1.ht...
http://dmoz.org/Computers/Security/Inter...
http://rollyo.com/explore.html?rollterm=...



Expert: bit2bit     Date: Oct 03, 2006     Time: 06:35

 
 
