php_Guy Posted September 28, 2008

I ran across this today at http://www.acunetix.com/ They make a very expensive vulnerability scanner that may well be worth the price for a large production site. They also have a FREE version that scans for just XSS vulnerabilities. I tried it just to see how it worked and it said that my store was protected against XSS attack BUT it found a vulnerability in a whois script I forgot I even wrote that was located on my main site. A quick addition of htmlentities() around a couple of POST variables and the program verified that the vulnerability was corrected.

I wish I had the money to spare for the full version ($1500 for a single site, $3500 for developers/designers). But the FREE version is well worth the time to download! If anyone knows of similar FREE scanners that detect other sorts of vulnerabilities, PLEASE post links here.
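The fix described in the post above, as an added example that is not the poster's script: a hypothetical whois form that reflects a POST value into the page, before and after wrapping it in htmlentities(). The field name `domain`, the helpers `h()` and `is_valid_domain()`, and the sample input are assumptions made for illustration.

```php
<?php
// Added example: hypothetical whois lookup form, not the poster's script.

// Encode a value for HTML body and quoted-attribute output.
// ENT_QUOTES also encodes single quotes, which ENT_COMPAT leaves untouched;
// the explicit charset avoids depending on the PHP version's default.
function h(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allow-list check for the lookup value: dot-separated labels made of
// letters, digits and hyphens, ending in an alphabetic TLD.
function is_valid_domain(string $domain): bool
{
    $pattern = '/^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i';
    return strlen($domain) <= 253 && preg_match($pattern, $domain) === 1;
}

// Constructed sample input standing in for $_POST['domain'].
$post = ['domain' => '"><script>alert(1)</script>'];

$domain = '';
if (isset($post['domain']) && is_string($post['domain'])) {
    $domain = trim($post['domain']);
}

// Before: the raw POST value is reflected into the page. The leading quote
// closes the value attribute and the rest is parsed as markup.
$before = '<input type="text" name="domain" value="' . $domain . '">';

// After: the same value is encoded at the point of output, so the browser
// treats it as attribute text.
$after = '<input type="text" name="domain" value="' . h($domain) . '">';

echo "before: $before\n";
echo "after:  $after\n";

// Output encoding and input validation are separate controls: the encoded
// value is safe to display, but only a well-formed name should be looked up.
echo 'lookup allowed: ' . (is_valid_domain($domain) ? 'yes' : 'no') . "\n";
```

htmlentities() covers HTML body and quoted-attribute output only; values written into JavaScript, URLs or unquoted attributes need encoding for that context.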