GUI Tool Reveals SQL Injection Vulnerabilities

A free utility that you can use to demonstrate SQL injection vulnerabilities in web apps has been released by web security specialists, NT OBJECTives.

NTO SQL Invader is interesting because it isn’t designed to find the vulnerability; instead, the aim is to give you a way to show how the vulnerability could be exploited.

NTO SQL Invader Provides Pen Testers and Developers the Ability to Quickly and Easily Exploit and Demonstrate SQL Injection Vulnerabilities in Web Applications

NT OBJECTives, a provider of automated, comprehensive and accurate Web Application security software, services and SaaS, today announced the availability of NTO SQL Invader, a free tool which provides pen testers and developers the ability to quickly and easily exploit and demonstrate SQL Injection vulnerabilities in Web applications.

Most organizations understand that SQL Injection vulnerabilities put their sensitive data at risk, and SQL Injection has been the dominant method used in this year’s high-profile web application attacks, with millions of sites attacked in 2011.

Despite the fact that SQL Injection is well documented and there are tools to discover the vulnerabilities, it has been very difficult to determine if the vulnerability can actually be exploited because most existing SQL Injection testing tools are executed from a command line, lack an intuitive user interface or are no longer supported. Without the ability to clearly demonstrate the exploitability of a vulnerability, remediation efforts are often delayed and friction between security and development teams surfaces. NTO SQL Invader allows pen testers and developers to quickly and easily leverage a vulnerability to view the list of records, tables and user accounts on the back-end database.

With a few simple clicks in NTO SQL Invader, a user can exploit a web application vulnerability that was discovered manually or from a Dynamic Application Security Testing (DAST) tool like NTOSpider. NTO SQL Invader works as a stand-alone tool and also includes integration with NTOSpider’s reporting technology to assist pen testers and developers in quickly identifying and validating discovered vulnerabilities. While reviewing and confirming results from NTOSpider, users can leverage NTO SQL Invader to provide a polished, real-world proof-of-concept for the discovered SQL Injection vulnerabilities.

“Accurate vulnerability identification is a crucial and challenging task but it is only half the battle,” says Dan Kuykendall, co-CEO and Chief Technology Officer of NT OBJECTives. “We wanted to support organizations in their analysis and remediation efforts by providing an easy to use tool that enables penetration testers to demonstrate how these vulnerabilities can be exploited. We felt it was important to provide a free and useful tool to our customers and to the entire community.”

Netsparker Security Testing Tool Video Released

SearchSecurity.com have featured a fantastic video on a Community version of the free Web app security testing tool Netsparker.

Sourced from TheAcademyPro.com, Peter Giannoulis demonstrates how to use the community version of Netsparker.

Netsparker, a web application security scanner, can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology it’s built on, just like an actual attacker. The tool searches for vulnerabilities such as SQL injection and cross-site scripting. And the best part? The community version is entirely free.

To Watch a Video demo of this tool – click here