Any security-minded system administrator has heard of cross site scripting (XSS). It might even keep you up at night, but there are steps you can take to identify vulnerabilities in your websites and deal with them. One method of finding vulnerabilities is to use fuzz testing (the insertion of random commands and code into web applications to see how they react).
Powerfuzzer is a free web fuzzer that allows administrators to create custom tests for their web applications to identify vulnerabilities. In essence, it is a web application vulnerability scanner. Currently, Powerfuzzer tests for the following security vulnerabilities:
- Cross Site Scripting (XSS)
- Injections (SQL, LDAP, code, commands, and XPath)
- HTTP 500 statuses
You can download Powerfuzzer from the project’s website. It is free and open source software, released under the GNU General Public License.