There are different ways and causes to hack and deface a website but as a web administrator and security analyst you have to make your application to be secure enough that nobody can hack it. Penetration testing is a good choice to measure the over all security of a website or even a network.
As discussed before different tools to perform a quick pen test on web application.
This article will introduce a new that are available to doing a quick penetration testing for web security.
Different tools like netsparker (for windows) and nikto, wapiti (for Linux). Firefuzzer is also available but for cross operating system because it is based on Java.
Firefuzzer is expected to perform black-box scans over the web pages. It will target the web page URL which is passed as an argument via command line and will mark the textboxes within the HTML forms to inject unacceptable data. Then, FireFuzzer will inject random textual data and submit the forms to see whether Exceptions are generated.
The aim of firefuzzer is to discover vulnerabilities in a web application, it can be run via command prompt and it has two main model.
- Buffer overflow
- Cross Site Scripting (XSS)
It is designed to find out following vulnerabilities: