Penetration Testing Tools

This is an open forum for any mojoPortal topics that don't fall into the other categories.

2/22/2018 4:03:20 AM
Gravatar
Total Posts 1

Penetration Testing Tools

Hello everyone

We'd like to perform some automated penetration testing on our mojoPortal-based application (to test for some common vulnerabilities like SQL injection, cross site scripting, etc.).  I've come across skipfish (http://code.google.com/p/skipfish/) as a potential solution to this problem, but I was wondering what other tools people have found helpful. Free and low-cost solutions are preferred.

Thanks!

2/26/2018 2:30:51 PM
Gravatar
Total Posts 2056

Re: Penetration Testing Tools

Hi,

We don't have any recommendations but others might. 

It's always good to do penetration testing but one must take a lot of care when reviewing and interpreting the results of the testing. Automated tools do not understand the purpose of the website they are scanning. A tool might claim there is a vulnerability because someone can post something it deems as "bad" to a page but you want people to be able to post that particular thing the tool thinks is "bad". 

If you find a vulnerability that you are unsure about or you know is an issue, please use our contact form to let us know. This will give us time to issue a patch before the issue is made public and the real "bad guys" try to exploit it.

Thank you,
Joe