I am planning to check my website against all common security vulnerabilities like cross-site scripting, SQL injection, etc. Can somebody tell me whether there is any automated tool which I can run for my .NET web app to find all the security flaws that exist? I tried CAT.NET, but it is not able to support big apps. I saw about OWASP, but again it is also not an automated one. I am looking for something which can tell me the file name, method name, etc.
There are a few free tools for automated vulnerability discovery.
Skipfish - open source automated web application scanner, actively developed and maintained: http://code.google.com/p/skipfish/
GrendelScan - open source automated web application scanner: http://grendel-scan.com/
Netsparker Community Edition - free, limited version of Netsparker: http://www.mavitunasecurity.com/communityedition/
RatProxy - non-intercepting proxy that performs vuln discovery: http://code.google.com/p/ratproxy/
Here are a few to get you started.
The best approach is to perform manual testing and use automated testing to cover 'low-hanging fruit' scenarios.
CAT.NET is helpful, but only when run as a command line for large applications. Using the Visual Studio plugin, I can't get it to run on larger projects either.