Find security holes in web applications with Powerfuzzer
Internetblog.org.uk, Mon, 25 Jan 2010 17:00:08 +0000
https://www.internetblog.org.uk/post/921/find-security-holes-in-web-applications-with-powerfuzzer/

[Image: Powerfuzzer v1 main window]

Any security-minded system administrator has heard of cross-site scripting (XSS). It might even keep you up at night, but there are steps you can take to identify vulnerabilities in your websites and deal with them. One method of finding vulnerabilities is fuzz testing (the insertion of random commands and code into web applications to see how they react).

Powerfuzzer is a free web fuzzer that allows administrators to create custom tests for their web applications to identify vulnerabilities. In essence, it is a web application vulnerability scanner. Currently, Powerfuzzer tests for the following security vulnerabilities:

  • Cross Site Scripting (XSS)
  • Injections (SQL, LDAP, code, commands, and XPath)
  • CRLF
  • HTTP 500 statuses

You can download Powerfuzzer from the project’s website. It is free and open source software, released under the GNU General Public License.
