Web应用程序安全性测试

本文介绍了Web应用程序安全性测试的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我们正在使用Spring框架和Hibernate ORM开发一个Web应用程序.就应用程序安全性而言，我们正在使用acegi提供身份验证和授权支持.

We are developing a web application using Spring framework and Hibernate ORM. As far as application security is concerned we are using acegi to provide authentication and authorization support.

现在有关用户输入环境卫生的问题，我们已尝试小心处理XSS和sql注入之类的攻击.我们已经尝试使用尽可能多的准备好的语句和休眠条件来进行数据库更新和查询.输入也针对javascript进行了清理.

Now about user input sanitation, we have tried to take take care about attacks like XSS and sql injections. We have tried to use as much as prepared statements and hibernate criteria for database updates and queries. Inputs are sanitized for javascript also.

为了进行测试，我们尝试使用 Firebug ，篡改IE 和 Fiddler2 等等

For testing these we have tried to use tools like Firebug, Tamper IEand Fiddler2 etc.

我们还使用了监视鼠标之类的工具来进行漏洞测试.

We have also used tools like Watch Mouse to do vulnerability tests.

可用于Web应用程序安全性的其他工具有哪些?在开始进行Web应用程序安全性测试之前应考虑哪些方面.

What are the other tools available for web application security and what are the things to be considered before starting a web applications security testing.

谢谢

推荐答案

HP有一个称为Webinspect的安全评估工具，但它不是免费的，我也不推荐使用.我的公司不知道如何使用它，或者该工具在发现漏洞方面没有一致性.

HP has a security assessment tool called Webinspect, but it not free and I wouldn't recommend it. Either my company doesn't know how to use it, or the tool has no consistency in finding vulnerabilities.