当前位置: 动力学知识库 > 问答 > 编程问答 >

html security profiling tools

问题描述:

I am developing a site and i am using yslow to profile speed and stats, webdeveloper for html and css validation, etc.

What can i use to check for security mistakes?

网友答案:

For security I recommend the open source wapiti or the commercial Sitewatch.

On a side note, html and css can't really cause security problems. Maybe if you have html links pointing to http content within https could be a problem and Sitewatch will inform you of of these problems.

网友答案:

Review this list.

Obviously what is relevant is your server-side language (so you may want to scan from the WEB side and then an analysis of the server code as well).

This is a significant field of work and research. It's good that you want to perform this type of analysis, and enjoy reviewing and testing all the various available tools :)

网友答案:

You can use free tools like Netsparker Community Edition or Skipfish

You can also refer to this list of free and commercial web app security scanners: http://projects.webappsec.org/w/page/13246988/Web-Application-Security-Scanner-List

网友答案:

Depending on the size of your site you could possibly use a tool called Fortify. It will scan your code for security vulnerabilites. I am sure there are other tools which are similar.

网友答案:

I assume you are familiar with OWASP Top 10 (http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project). You can try rat proxy (http://code.google.com/p/ratproxy/) - it is a security audit tool. Other http/https proxies such as paros also can to some extent detect injection and XSS flaws.

None of these is perfect and so with a good understanding of web application vulnerabilities you can supplement with some manual tests and code inspection.

分享给朋友:
您可能感兴趣的文章:
随机阅读: