Computer programmers are often treated as solution providers who can automate any task. Most applications developed today run in the client's browser as web applications backed by various database modules. Security is therefore always a key concern, so we are going to review the top web security scanners.
Database Modules: MySQL, MS SQL, Oracle, PostgreSQL, MS Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB
Security Threats: SQL injection variants, XSS, URL rewriting rules, custom 404 error pages, WordPress & Joomla Vulnerabilities, OWASP
Solution Availability: Local, SaaS or Cloud Solution
Acunetix – Fully Automated Ethical Hacking Solution
- Fast, scalable and can be integrated with WAFs
- Available locally and as a cloud solution
- Issues compliance and management reports on web and network security vulnerabilities
- User-friendly, fully scalable, requires minimal setup and is available as a local and SaaS solution
- Can scan up to 1000 applications in 24 hours and automatically detect SQL injections, XSS, URL rewriting rules, custom 404 error pages, and other security issues.
- Automated and accurate vulnerability assessments, triaging and verification with proprietary Proof-Based Scanning technology, which verifies findings to rule out false positives and saves hundreds of man-hours.
- Verified vulnerabilities are automatically posted to a bug tracking system so that the team can start working on the remedies straight away.
Ettercap – Ethical Hacking Tool
- Detects SSH in full duplex mode.
- Supports passive and active analysis of many protocols to detect the local network between two hosts.
- It discovers wireless network configuration on the Windows platform in short-range locations.
- Detects unauthorized or rogue access points and causes of wireless interference.
- Manages vulnerability life-cycle and provides troubleshooting tips.
- Analyzes over 5000 vulnerabilities, including SQL injection, OWASP, WordPress & Joomla vulnerabilities.
Cain & Abel
- Recovers MS Access and encrypted passwords with dictionary attacks, cryptanalysis, and brute force.
- Sniffs networks.
- Automated SQL injection and database takeover tool, using techniques such as boolean-based and time-based blind, error-based, UNION and stacked queries, and out-of-band.