Web Vulnerability Scanners

JSeverson · #1 (**permalink**) 04-22-2008, 12:12 PM

Hi,
I was wondering if anyone had any recommendations for software that will detect security holes on Web sites that would allow SQL injections. A client of mine, who has had numerous Web developers throughout the years and whose site is huge, suffered an SQL injection last week and now I'm left going through thousands of files of new and old ASP code to close possible security holes. I'm hoping to find something that will help me speed up the process of identifying these issues.

I did a search on Google but I really don't know which products are good. Anyone know anything about Acunetix Web Vulnerability Scanner? It looks like it may be what I'm looking for but I don't know if their product is reliable.

Thanks,
Jeff

mjancosek · #2 (**permalink**) 04-22-2008, 05:51 PM

I feel your pain. This has happened to one of my clients as well about 6 months ago.
I used this:
Nikto | CIRT.net

I found this open source here:
Top 10 Web Vulnerability Scanners

There are several web scanners for you to choose from. Some of these are even "Open Source" which = to "Free".

Good luck.

JSeverson · #3 (**permalink**) 04-22-2008, 06:11 PM

Thanks for the links. An associate of mine actually provided the same Top 10 link about an hour ago and I've been reviewing the list. The Acunetix Web Vulnerability Scanner that I found is actually 8th on the list. I'll have to check out Nitko.