I am testing out my scripts to see if they will prevent XSS and SQL injections. Can someone provide me with some basic but good scripts that would "hack" into my programs? I want to test my scripts before they go online.
EDIT: Thank you all for those links, they contain loads and loads of information. But for a beginner to security, is there a recommended site that's? I'm not sure if I am ready to dive straight into in-depth security issues. I like the links waiwai933 recommended.
What is the difference between XSS and SQL injection? XSS is a client-side vulnerability that targets other application users, while SQL injection is a server-side vulnerability that targets the application's database.
SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.
Some common SQL injection examples include: Retrieving hidden data, where you can modify an SQL query to return additional results. Subverting application logic, where you can change a query to interfere with the application's logic. UNION attacks, where you can retrieve data from different database tables.
If a web application or website uses SQL databases like Oracle, SQL Server, or MySQL, it is vulnerable to an SQL injection attack. Hackers use SQL injection attacks to access sensitive business or personally identifiable information (PII), which ultimately increases sensitive data exposure.
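As an added self-test harness (not code from the question, the answers, or the site above): a small Python script that runs one probe string against a deliberately concatenated query and against its parameterized counterpart, so you can see which one lets the input change the query, and escapes untrusted text before it goes into HTML. The in-memory table, the names in it and the probe string are constructed for this example.

```python
import html
import sqlite3


def make_db():
    # Constructed sample table for the self-test; not a real schema.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return conn


def find_user_unsafe(conn, name):
    # Vulnerable pattern: the user-supplied value is pasted into the SQL text,
    # so a quote in the input can end the literal and alter the WHERE clause.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, name):
    # Fixed pattern: the value is bound as a parameter and is only ever data;
    # the query structure is fixed before the input is seen.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def render_greeting(name):
    # XSS side: escape untrusted text for an HTML text context before output.
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


def check_defenses():
    # Constructed probe: a lone quote followed by an always-true comparison.
    probe = "x' OR 'a'='a"
    conn = make_db()
    return {
        # True means the concatenated query returned rows it should not have.
        "unsafe_leaks": find_user_unsafe(conn, probe) != [],
        # True means the parameterized query treated the probe as a plain name.
        "safe_holds": find_user_safe(conn, probe) == [],
        "escapes_html": "<" not in render_greeting("<b>bob</b>")[len("<p>"):-len("</p>")],
    }


if __name__ == "__main__":
    print(check_defenses())
```

A script that "prevents" injection should make `unsafe_leaks` False and `safe_holds` True for every probe you feed it; the fix is parameterization, not filtering the probe strings.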
Each situation requires different scripts, so there is no 'one size fits all' that anyone could provide. The list of scripts that would need to be tested goes into the thousands before you can be certain that your site is safe.
You may want to check Firefox or Chrome plugins which allow you to test SQL injections. I suggest this one, but you may want to look for others as well: https://addons.mozilla.org/en-US/firefox/addon/6727. What it does is allow you to provide a list of injection scripts (it probably provides a few by default); once you activate it, it bombards your site with these scripts and lets you see where the vulnerabilities are.
I suggest this site for some example XSS scripts: http://ha.ckers.org/xss.html