Ask HN: How do you perform penetration testing on your webapp?

16 points by nabilt ↗ HN
Is there a browser plugin or app that can help me reveal security holes in my web app? Something like a Metasploit for the web.

So far I've been writing my own tests, but there is no question someone smarter than me will find a vulnerability. There are a number of great resources on the different types of exploits and how to fix them, but I havent found anything to tell me if I've implemented the solution correctly.

7 comments

[ 3.3 ms ] story [ 29.8 ms ] thread
ZmEu @ WhiteHat Team – www.whitehat.ro

is probably one of the more common ones. nessus http://www.tenable.com/products/nessus looks for published vulnerabilities as well, but that would be more along the lines of using an exploitable pop3 daemon or having phpmyadmin visible from your site. Zmeu does some of those scans, but, will also try to do SQL injection.

Take a look at https://www.owasp.org/ and review your source code for common vulnerabilities.

A very helpful tool for testing: http://portswigger.net/burp/proxy.html