informa
/
Risk
Quick Hits

Quick Website Vulnerability Self-Test

Breach Security offers simple test you can do on your own to check for Website flaws

Worried your Website may harbor some serious vulnerabilities? Web application firewall maker Breach Security has come up with a quickie do-it-yourself test for Website owners that might help you spot the most common Website flaws -- SQL injection, cross-site scripting (XSS), and session hijacking.

SQL injection: To test for SQL injection bugs, peruse the application and find places where users can enter text, such as where the text is used to perform a lookup function, according to Breach. Then type a single quote character and some text: If the application shows an error message from your database, then you're likely housing an SQL injection bug.

Cross-site scripting (XSS): Find areas in your application that accept user input, such as a page where users can send in their feedback or reviews of a product, for example. Try submitting this text -- a less-than sign, the word "script," and then the greater-than sign (with no spaces in between): < script >

If that text displays where you reload the page, then your site has an XSS vulnerability, according to Breach.

Session hijacking: If your application has a session identifier number in the URL -- which Breach does not recommend -- decrease that number by one and reload the page. The app has a session hijacking vulnerability if the app then "sees" you as a different user. And if you don't have a session identifier in the URL, load a plug-in onto your browser that lets you view and modify cookies, according to Breach, which sells Web application firewalls. "Look in the cookie for session identifiers and perform the same test," according to Breach.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5