 

Security vulnerability testing tool for .NET web applications? [closed]

I am planning to check my website against all common security vulnerabilities like cross-site scripting, SQL injection, etc. Can somebody tell me whether there is any automated tool which I can run against my .NET web app to find all the security flaws that exist? I tried CAT.NET but it is not able to support big apps. I saw about OWASP, but again it is also not an automated one. I am looking for something which can tell me the file name, method name, etc.

Punit asked Aug 12 '10 17:08


People also ask

Which tool is used for performing security test of web application?

Zed Attack Proxy (ZAP): Developed by OWASP (Open Web Application Security Project), ZAP or Zed Attack Proxy is a multi-platform, open-source web application security testing tool. ZAP is used for finding a number of security vulnerabilities in a web app during the development as well as the testing phase.

What is DAST and SAST tools?

SAST and DAST are application security testing methodologies used to find security vulnerabilities that can make an application susceptible to attack. Static application security testing (SAST) is a white box method of testing.

What is the difference between DAST and SAST?

The main difference between DAST and SAST lies in how each performs the security testing. SAST scans the application code at rest to discover faulty code posing a security threat, while DAST tests the running application and has no access to its source code.


1 Answer

There are a few free tools for automated vulnerability discovery.

Skipfish - open source automated web application scanner. Actively developed and maintained. http://code.google.com/p/skipfish/

GrendelScan - open source automated web application scanner. http://grendel-scan.com/

Netsparker Community Edition - free, limited version of Netsparker. http://www.mavitunasecurity.com/communityedition/

RatProxy - non-intercepting proxy that performs vuln discovery. http://code.google.com/p/ratproxy/

Here are a few to get you started.

The best approach is to perform manual testing and use automated testing to cover 'low-hanging fruit' scenarios.

ygjb answered Oct 13 '22 22:10