How Can Find A Vulnerable Web Site?

16/07/2011 23:29

Website security is a big problem today and should be a priority in any organization or webmaster, now concentrate hard for hackers to find holes in a web application, if you own a website and have a high page rank and high traffic, then there is a possibility that it might be a victim of hackers.

A few years of their existence without proper tool for vulnerabilities, but today there are many tools available through which even a beginner can find a vulnerable site and start Hacking

Common methods used for hacking site

There are many methods that can be used to hack a website, but most common are:

Injection 1.SQL

2.XSS (Cross Site Scripting)

3.Remote File Inclusion (RFI)

4.Directory traversal attack

5.Local File Inclusion (LFI)

6.DDOS attack

I explained some of these methods in my post "Common methods to hack a website"

Tools commonly used to find a vulnerable site

Acunetix

Acunetix is ​​one of my favorite tools for finding the respectability of any web application, it automatically checks your web applications for SQL injection, XSS and web vulnerabilities.

Download Acunetix Web Security Scanner

Nessus

Nessus is the best tool venerable Unix tests and the best drive in Windows. The main features of this software, including the local and remote files securitychecks client / server architecture with a GTK graphical user interface, etc.

Nessus download from the link below

http://www.nessus.org/download

Retina

The retina is a vulnerability assessment tool that scans all hosts on a network and a report on the vulnerabilities found.

Download the retina from the link below

http://www.eeye.com/Downloads/Trial-Software/Retina-Network-Security-

Scanner.aspx

Metasploit Framework

Metasploit Framework is a framework open source penetration testing with the largest database in the world of public exploits and tested.

Download Metasploit (Windows users) from the link below

http://www.metasploit.com/releases/framework-3.2.exe

Metaspolit Download (for Linux) from the following link

http://www.metasploit.com/releases/framework-3.2.tar.gz

That's it.