We'd like to perform some automated penetration testing on our mojoPortal-based application (to test for some common vulnerabilities like SQL injection, cross-site scripting, etc.). I've come across skipfish (http://code.google.com/p/skipfish/) as a potential solution to this problem, but I was wondering what other tools people have found helpful. Free and low-cost solutions are preferred.
We don't have any recommendations but others might.
It's always good to do penetration testing, but one must take a lot of care when reviewing and interpreting the results of the testing. Automated tools do not understand the purpose of the website they are scanning. A tool might claim there is a vulnerability because someone can post something it deems "bad" to a page, but you want people to be able to post that particular thing the tool thinks is "bad".
If you find a vulnerability that you are unsure about or you know is an issue, please use our contact form to let us know. This will give us time to issue a patch before the issue is made public and the real "bad guys" try to exploit it.