Re: SQL Injection and XSS testing,

You may want to try RSnake's SQL Injection Cheat Sheet,
available here: <http://ha.cker
s.org/sqlinjection/>.
He also has a XSS Cheat Sheet that you can find on the same
site.

Hope
that helps!

--
Eugene
http://eugenekogan.net

--- IRM" <irmiinet.net.au
wrote:
Dear all,
> 
> Excuse me for this basic question. Just wondering
in regards to the SQL
> injection, is it sufficient to insert the input with
"1=1--" to test
> whether a site is vulnerable to the SQL injection? How
much level of
> assurance can we get by testing the SQL injection
limited
to "1=1--"?
> 
> If I am not wrong I guess most of the security aspects
in Web
> application are mainly around input validation. So I
was wondering
is
> there any free open source software to automate all the
input? Or maybe

> a list of stuff that usually need to test? Say SQL
Injection or XSS? Is

> there a list of parameters kind of cheat sheet? 
> 
> John,


------------------------------------------------------------
-------------
Sponsored by: Watchfire

Securing a web application goes far beyond testing the
application using 
manual processes, or by using automated systems and tools.
Watchfire's 
"Web Application Security: Automated Scanning or Manual
Penetration 
Testing?" whitepaper examines a few vulnerability
detection methods - 
specifically comparing and contrasting manual penetration
testing with 
automated scanning tools. Download it today!

https://www.watchfire.com/securearea/whi
tepapers.aspx?id=701500000008fH6
------------------------------------------------------------
--------------