[英]Tool for Scanning Website for Vulnerabilities
I've seen several questions on SO about this, but none of them quite fit what i'm looking for. 我已经看到了SO这个几个问题,但他们没有很适合我要找的。 I've got an ASP.NET Site on my machine that i recently finished, but i'm a little worried about Security. 我的机器上有一个ASP.NET站点,我最近完成了,但我有点担心安全性。 I'm pretty sure I've managed it pretty well, but there's always an offchance i've missed something. 我很确定我已经很好地管理了它,但是总有一些事情让我错过了一些东西。
So, I'm looking for a tool that meets the following reqs 所以,我正在寻找满足以下要求的工具
Thanks! 谢谢! Lemme know if i'm not specific enough or if this is better suited for Webmasters SE. Lemme知道我是不是足够具体或者是否更适合网站管理员SE。
There are a few scanning tools around, some of which are open source, which is nice. 有一些扫描工具,其中一些是开源的,这很好。 The exploits you are talking about are technology agnostic - any app could suffer from them regardless of whether it's .net, java, ruby, etc. This makes testing for them slightly easier. 你所谈论的漏洞是与技术无关的 - 任何应用程序都可能受到它们的影响,无论它是.net,java,ruby等。这使得对它们的测试稍微容易一些。 Also, SQL injection and XSS bugs are usually application specific, which makes automagically testing for them harder. 此外,SQL注入和XSS错误通常是特定于应用程序的,这使得对它们的自动测试更加困难。
The best thing you can do is not be worried about security, but take specific steps to address issues. 您可以做的最好的事情不是担心安全性,而是采取具体步骤来解决问题。 Security should always be designed into your application. 应始终将安全性设计到您的应用程序中。 So carry out a code review on your app. 因此,请在您的应用上执行代码审核。 Look for specific things. 寻找具体的东西。
The above 2 steps will eliminate most SQL injection/XSS bugs. 以上两个步骤将消除大多数SQL注入/ XSS错误。 There are other issues to do with your server setup. 您的服务器设置还有其他问题。 Vulnerability scanning tools usually know most of these and can test for them. 漏洞扫描工具通常了解其中的大多数并可以对其进行测试。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.