Liteweight XSS and SQL Injection testing tools

by kriggins on March 30, 2008

in Security testing, Tools

Sometimes it is nice to have a quick tool that will scan a site for basic XSS or SQL Injection vulnerabilities. It is even nicer if you don't have to go through some long drawn out setup procedure just to see if a field has any tasty morsels to chew on. Enter a free suite of tools call Exploit-Me by
Security Compass - Application Security.

The suite currently consists of two tools:

  1. XSS-Me - a tool to test for Cross-Site Scripting vulnerablities
  2. SQL Inject-Me - a tool to test for SQL Injection vulnerabilitie

The beauty of the Exploit-Me suite is the tools are Firefox add-ons and don't require a proxy.Install the add-on and when you are on a page you want to test, just open the sidebar and go to town.

Take a peek. I think you'll like them.

-Kevin Riggins

Previous post:

Next post: