3
2
Is there a site that will scan my website and check it for security holes?
Preferably one that doesn't charge.
kylex
Posted 2009-09-06T04:36:12.520
Reputation: 575
Is there a site that will scan my website and check it for security holes?
Answers
1
You might want to look into WebScarab.
WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab.
Vulnerability assessment in web applications and web sites is not common available for free, and usually involves hiring a security consultant/researcher.
jtimberman
Posted 2009-09-06T04:36:12.520
Reputation: 20 109
The firefox plug in tamperdata fits the common usage; not to mention IE's fiddler. – dlamblin – 2009-09-10T19:30:13.080
0
I asked about Web Vuln scanners over on Server Fault recently. The only hosted option that was suggested was WebsiteOptimization.com's Security service. I haven't tried it yet, but they do offer a 14 day freebie.
Chris_K
Posted 2009-09-06T04:36:12.520
Reputation: 7 943
0
Take a look at ShieldsUp by Gibson Research.
I've used it in the past and it is free.
Jerry P
Posted 2009-09-06T04:36:12.520
Reputation: 236
I believe this one is for personal computers, not web-sites – dlamblin – 2009-09-10T19:23:53.777
0
There are some, but the free ones don't really tell you anything useful. I have personally yet to find a tool that fuzzes the input fields of every form and tests for sql vulnerabilities that seems... reputable. You sort of are best off doing this stuff by hand and going through a check list.
dlamblin
Posted 2009-09-06T04:36:12.520
Reputation: 9 293
I highly doubt it... at least not one that is well-intentioned. And especially not free. Instead, you should hire a developer who knows how to check for these things. – jtbandes – 2009-09-06T04:46:46.570
1This is probably better asked on Stackoverflow (if you're the site's developer) or Serverfault (if you're the site's admin). – derobert – 2009-09-06T06:40:29.710
Good question, but doesn't belong on Super User. – Sasha Chedygov – 2009-09-10T19:18:56.283