Have a suggestion?

Click here to suggest a blog item.

Newsletters Archive

Catch up with DonationCoder by browsing our past newsletters, which collect the most interesting discussions on our site: here.

Editorial Integrity

DonationCoder does not accept paid promotions. We have a strict policy of not accepting gifts of any kind in exchange for placing content in our blogs or newsletters, or on our forum. The content and recommendations you see on our site reflect our genuine personal interests and nothing more.

Latest News

July 2, 2024
Server Migrations Coming

  • Donationcoder server migration is slowly proceeding, expect some hiccups as we get all our ducks in a row..

July 19, 2022
Software Update

Jan 3, 2022
Event Results

May 13, 2020
Software Updates

Mar 24, 2020
Mini Newsletter

Dec 30, 2019
Software Updates

Jan 22, 2020
Software Updates

Jan 12, 2020
Newsletter

Jan 3, 2020
Event Results

Jan 2, 2020
Software Updates

Dec 30, 2019
Software Updates

April 27, 2019
Software Updates

Feb 26, 2019
Software Updates

Feb 23, 2019
Software Updates

Feb 14, 2019
Software Updates

Jan 6, 2019
Event Results

Dec 2, 2018
Software Updates

Nov 13, 2018
Software Releases

July 30, 2018
Software Updates

June 24, 2018
Software Updates

June 6, 2018
Software Updates

Apr 2, 2018
Fundraiser Celebration

Apr 2, 2018
Software Updates

Feb 24, 2018
Software Updates

Jan 14, 2018
Major Site News

Jan 10, 2018
Event Results

Latest Forum Posts
Brilliant for old machines and using high CPU resources
This program has a serious impact my machine dramatically improving performance and responsiveness... I highly recommend this little program - especially if, like me you have an older computer and/or are a heavy CPU resource user. You'll notice the difference straight away and I believe you will be amazed.

Read more…

johnwindebank at cnet.com
johnwindebank at cnet.com image

Our daily Blog

This page spotlights the most interesting posts collected from our forum every day.

You are viewing a specific blog item. Click here to return to the main blog page.

Web-app security scanners for web developers and serveradmins (nice review)

blog clipart
In today's "web 2.0" world, web applications become more and more complex, and thus it becomes more and more common for some very nasty security bugs to be implemented.

As a web developer, being able to scan your own software for common things like SQL injection bugs or cross-site scripting vulnerabilities, may be a useful tool in your tool belt.

As a server administrator, being able to scan your server, and your user's sites for these problems is also a handy thing to be able to do.

There is quite a few of these web vulnerability scanners available commercially, and I had always wondered how effective they are. Someone on the penetration testing mailing list wrote up a very very nice review (PDF) of major vendors of this type of software.

Since it would be of interest of users of web-applications as well as developers and fellow server admins, I figured I'd share this here.

http://anantasec.blo...ners-comparison.html

From the report it seems that these things are pretty good at detecting common stuff like sql-injection (report shows that all sql-injection vulnerabilities were detected by all the tested software), but you can definitively not rely on them solely for security testing. (Which makes sense imo, since it's a very complex problem which seems hard to implement generic heuristic scanners for.)

posted by Gothi[c] donate to Gothi[c]
(permalink) (leave a comment)


Share on Facebook
submit to reddit