Search Results for "sql injection attack"

Technically, it is a third-party Nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple (and readable) rules containing 99% of known patterns involved in website vulnerabilities. For example, <, | or drop are not supposed to be part of a URI. Being very simple, those patterns may match legitimate queries, it is Naxsi's administrator duty to add specific rules that will whitelist legitimate behaviors. The administrator can...

The FreeWAF provides specialized, layered application threat protection. It protects your web-based applications and internet-facing data from attack and data loss. Using advanced techniques to provide bidirectional protection against sophisticated threats like SQL injection and cross-site scripting, it helps you prevent identity theft, financial fraud and corporate espionage.

HconSTF is Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability scanning assessments.contains webtools which are powerful in doing xss(cross site scripting), Sql injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. Even useful to anybody interested in information security domain - students, Security Professionals,web developers, manual vulnerability assessments and much more.

hwk is an easy-to-use application used to attack and discover wireless networks. It's providing various modes such as authentication/deauthentication flood, beacon and probe response fuzzing.

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

CookieMonster that demonstrates HTTP session hijacking attacks. It sniff your network interface and hijack all cookie. The hijacked cookies can be edit and/or injected in your Firefox. It include a arp poisoning tool.

mySQLenum is a command line automatic blind sql injection tool for web application that uses MySql server as its back-end. Its main goal is to provide an easy to use command line interface.

SpaceMonkey is a Web application auditing tool. It can detect bugs or security flaws without using a knowledge database. It uses fault injection technics ('fuzzing') in order to reveal the flaws (SQL injection, XSS, File inclusion, command execution ).

Libdejector is a database tool which defeats SQL injection attacks by performing context-free validation of queries. While written in C, SWIG wrappers exist for Python and other languages will be following soon.