Penetration Testing Tools

This is an open forum for any mojoPortal topics that don't fall into the other categories.

This thread is closed to new posts. You must sign in to post in the forums.

2/22/2018 4:03:20 AM

kullboys

Total Posts 1

View Posts

Penetration Testing Tools

Hello everyone

We'd like to perform some automated penetration testing on our mojoPortal-based application (to test for some common vulnerabilities like SQL injection, cross site scripting, etc.). I've come across skipfish (http://code.google.com/p/skipfish/) as a potential solution to this problem, but I was wondering what other tools people have found helpful. Free and low-cost solutions are preferred.

Thanks!

2/26/2018 2:30:51 PM

Joe Davis

Total Posts 2239

View Posts

Re: Penetration Testing Tools

Hi,

We don't have any recommendations but others might.

It's always good to do penetration testing but one must take a lot of care when reviewing and interpreting the results of the testing. Automated tools do not understand the purpose of the website they are scanning. A tool might claim there is a vulnerability because someone can post something it deems as "bad" to a page but you want people to be able to post that particular thing the tool thinks is "bad".

If you find a vulnerability that you are unsure about or you know is an issue, please use our contact form to let us know. This will give us time to issue a patch before the issue is made public and the real "bad guys" try to exploit it.

Thank you,
Joe

You must sign in to post in the forums. This thread is closed to new posts.