Ask HN: Testing you own sites for SQL Injection and XSS
Hi everyone,
I'm getting a bit paranoid about some of my web apps being open to SQL injection and XSS. I'm using http://htmlpurifier.org/ to scrub inputs where necessary, but when it comes to SQL injection, I only know the absolute basics.
Do you test you apps using any tools? If so, which ones?
Likewise, what SQL injection tests do you run to make sure that you're not open to - at best - any of the more common attacks?
Thanks, Tom.
1 comment
[ 4.4 ms ] story [ 16.4 ms ] threadBut no, seriously, you should be using a library or something that sanitizes your SQL queries for you. If you aren't constructing the query string yourself, you should be okay.