Re: SQL Injection and XSS testing,

[Josh Zlatin-Amishav <josh () ramat cc>]

On Sat, 24 Feb 2007, IRM wrote:

> Dear all,
>
> Excuse me for this basic question. Just wondering in regards to the SQL
> injection, is it sufficient to insert the input with "1=1--" to test
> whether a site is vulnerable to the SQL injection? How much level of
> assurance can we get by testing the SQL injection limited to "1=1--"?

The short answer is no. For instance, you may have an app that does not 
return an error message but is exploitable to blind SQL injection.

> If I am not wrong I guess most of the security aspects in Web
> application are mainly around input validation. So I was wondering is
> there any free open source software to automate all the input?

You are likely to miss vulnerabilities if you solely rely on automated
scanners. There are lots of tools out there to help automate some of the
work. When testing for Web App vulnerabilities you will need a good web
proxy. Take a look at Paros, which might help you automate some of the
input validation testing too.

Or maybe
> a list of stuff that usually need to test? Say SQL Injection or XSS? Is
> there a list of parameters kind of cheat sheet?


There are lots of lists out there. You may want to take a look at:
http://ha.ckers.org/xss.html
http://ha.ckers.org/sqlinjection/

--
 - Josh

-------------------------------------------------------------------------
Sponsored by: Watchfire

Securing a web application goes far beyond testing the application using 
manual processes, or by using automated systems and tools. Watchfire's 
"Web Application Security: Automated Scanning or Manual Penetration 
Testing?" whitepaper examines a few vulnerability detection methods - 
specifically comparing and contrasting manual penetration testing with 
automated scanning tools. Download it today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fH6
--------------------------------------------------------------------------