Security testing addons

Published in: Technology

  1. Essential Security Testing Addons (Sreenath)
  2. 3 Essential Security Add-ons for Devs
       • HackSearch
       • XSS Me
       • SQL Inject Me
  3. HackSearch
       • Unwanted pages crawled by Google bot
       • Backlinks
       • Exposed Data
       • Exposed Files
       • Exposed Emails
       • Whois
       • DNS (Health and Information)
       • Antivirus site approval
       • Builtwith Technologies
  4. XSS Me
       • XSS-Me is the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS). It does NOT currently test for stored XSS.
       • The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS attack.
       • The tool does not attempt to compromise the security of the given system. It looks for possible entry points for an attack against the system.
       • There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool.
       • You can think of the work done by the tool as the same as the QA testers for the site manually entering all of these strings into the form fields.
  5. SQL Inject Me
       • SQL Inject Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities.
       • The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack.
       • The tool works by sending database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page.
       • The tool does not attempt to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool.
       • You can think of the work done by the tool as the same as the QA testers for the site manually entering all of these strings into the form fields.
  6. Thank you
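
The error check described on the SQL Inject Me slide (looking for database error messages in the rendered HTML) can be approximated as follows. This is an added example, not part of the original slides and not the add-on's own code; the signature list, sample pages and function names are constructed for illustration.

```javascript
// Added illustration: flag database error text leaked into a rendered page.
// Signature list and sample pages are constructed, not taken from the add-on.
const DB_ERROR_SIGNATURES = [
  { engine: "MySQL", pattern: /You have an error in your SQL syntax/i },
  { engine: "MySQL", pattern: /Warning\s*:\s*mysqli?_\w+\(\)/i },
  { engine: "PostgreSQL", pattern: /ERROR:\s+syntax error at or near/i },
  { engine: "SQL Server", pattern: /Unclosed quotation mark after the character string/i },
  { engine: "Oracle", pattern: /ORA-\d{5}/ },
];

// Approximate the rendered text: drop script/style bodies and tags, decode
// a few common entities, and collapse whitespace so split messages rejoin.
function visibleText(html) {
  return html
    .replace(/<(script|style)\b[^>]*>[\s\S]*?<\/\1>/gi, " ")
    .replace(/<[^>]+>/g, " ")
    .replace(/&quot;/g, '"').replace(/&#0?39;/g, "'")
    .replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&amp;/g, "&")
    .replace(/\s+/g, " ")
    .trim();
}

// Return one finding per matching signature, with surrounding context.
function findDbErrors(html) {
  const text = visibleText(html);
  const findings = [];
  for (const { engine, pattern } of DB_ERROR_SIGNATURES) {
    const m = pattern.exec(text);
    if (!m) continue;
    const from = Math.max(0, m.index - 30);
    const to = m.index + m[0].length + 30;
    findings.push({ engine, match: m[0], context: text.slice(from, to) });
  }
  return findings;
}

// Constructed sample responses: one leaking a MySQL error, one clean.
const SAMPLE_LEAKY = "<html><body><h1>Search</h1><p><b>Warning</b>: You have an " +
  "error in your <i>SQL</i> syntax; check the manual near &#39;&#39; at line 1</p></body></html>";
const SAMPLE_CLEAN = "<html><body><p>No results found for your search.</p></body></html>";

for (const [name, page] of [["leaky", SAMPLE_LEAKY], ["clean", SAMPLE_CLEAN]]) {
  console.log(name, findDbErrors(page));
}
```

A finding here means the application is returning raw database errors to the client, which is worth fixing (generic error pages, parameterized queries) regardless of whether the field is exploitable.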
