Well, here is my next article for the German edition of the HAKIN9 IT Security Magazine. This time it's about web security, and it holds three examples (XSS, SQL injection and blind SQL injection) of how to identify and fix vulnerabilities in web applications. The tools used for this one are Netsparker Community Edition from mavitunasecurity, Arachni and sqlmap.
And of course not to forget, a big special THANKS to Dr. Philip Walter for his great support!
Several posts on my blog describe vulnerabilities called "Cross-site scripting" or "XSS", but what exactly is cross-site scripting?
There are several different ways to identify XSS vulnerabilities:
- use a web security scanner, like xsser, Arachni, Nikto …
- test or review the code for places where user input may end up in HTML output (contact forms, search forms …)
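The second bullet is easiest to see in code. The following JavaScript is an added example, not code from the article or from any of the tools it names: a tiny server-side "search page" renderer in which `renderUnsafe` reflects the query straight into the markup (the pattern a code review should flag), `renderSafe` encodes it first, and `reflectsMarkup` does the one check a scanner performs on the response: is the probe string echoed back unchanged? All function names and the sample input are assumptions made up for this demonstration.

```javascript
// Added example (not from the original article): shows the review point
// "user input that ends up in HTML output" as vulnerable vs. hardened code.
// All inputs below are constructed for the demo.

// Encode the five characters that let user input change HTML structure.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: raw user input concatenated into markup.
function renderUnsafe(query) {
  return '<p>Results for: ' + query + '</p>';
}

// Hardened pattern: every untrusted value is encoded at the point of output.
function renderSafe(query) {
  return '<p>Results for: ' + escapeHtml(query) + '</p>';
}

// Review helper: does the rendered page still contain, unchanged, markup
// that came from the user rather than the developer? A scanner sends a
// probe string and inspects the response for exactly this kind of echo.
function reflectsMarkup(html, probe) {
  return html.includes(probe);
}

const probe = '<script>/*probe*/</script>'; // constructed test input
console.log(renderUnsafe(probe));
console.log(renderSafe(probe));
console.log(reflectsMarkup(renderUnsafe(probe), probe)); // true: a finding
console.log(reflectsMarkup(renderSafe(probe), probe));   // false: encoded
```

When reviewing real code, look for every place where a request parameter, form field, cookie or database value reaches the page without passing through something like `escapeHtml` (or the templating engine's auto-escaping); each such place is a candidate the scanner in the first bullet will also try to confirm.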