Sekiur My Thoughts
This year at the SecTor security conference in Toronto, Canada, Security Compass introduced a series of open source firefox extensions aiding in penetration testing exercises.
Illuminating the Black Art of Security. SecTor brings the world’s brightest (and darkest) minds together to identify, discuss, dissect and debate the latest digital threats facing corporations today. Unique to central Canada, SecTor provides an unmatched opportunity for IT Professionals to collaborate with their peers and learn from their mentors. Held at the Metro Toronto Convention Centre in downtown Toronto, SecTor runs two full days, October 7th and 8th. The event features Keynotes from North America’s most respected and trusted experts. Speakers are true security professionals with depth of understanding on topics that matter. SecTor is a must attend event for every IT Professional.
This suite of web application security testing tools is named Exploit-Me and its designed to be lightweight and easy to use.
The suite is compromised of XSS-Me allowing Cross-Site Scripting, which is a common flaw found in web applications, SQL Inject-Me used to check for SQL Injection vulnerabilities which would allow malicious users to view, delete and modify records and finally Access-Me which test for access vulnerabilities by trying to access resources without being authenticated.
XSS-Me
Cross-Site Scripting (XSS) is a common flaw found in today’s web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities.
- Download XSS-Me Now!
- XSS-Me 0.4 release notes
- Get the source
- Read the FAQ to find out more
- Extended XSS string set
- Known issues
SQL Inject-Me
SQL Injection vulnerabilities can cause a lot of damage to a web application. A malicious user can possibly view records, delete records, drop tables or gain access to your server. SQL Inject-Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities.
- Download SQL Inject-Me Now!
- SQL Inject-Me 0.4 release notes
- Get the source
- Read the FAQ to find out more
- Known issues
Access-Me
Access vulnerabilities in an application can allow an attacker to access resources without being authenticated. Access-Me is the Exploit-Me tool used to test for Access vulnerabilities.
- Download Access-Me Now!
- Access-Me 0.2 release notes
- Get the source
- Learn to Hack Access Me to add evaluation code
- Read the FAQ to find out more
- Known issues
If you enjoyed this article, please consider sharing it!
