# website vulnerability scanner



## roelof (Jan 22, 2012)

Hello, 

I am developing a website with Symphony CMS. But I wonder which software I can best use to test if the website does not have SQL/XSS problems.

Roelof.


----------



## gkontos (Jan 22, 2012)

security/nikto is available in the ports. That should get you started. 

There are other products available, Nessus for example is a very good tool for that matter. But you will need to run it in Linux, Mac or Windows.


----------



## DutchDaemon (Jan 22, 2012)

security/nessus works just fine ..


----------



## roelof (Jan 22, 2012)

Thanks, 

I'm going to find out how I can use Nessus for my problem.

Roelof


----------



## SirDice (Jan 23, 2012)

Both Nessus and Nikto will only find simple and easily found known bugs. If you build something yourself it's quite likely they won't find any problems even if it's written completely insecurely.

While they are good for a quick scan, don't rely on them too much. If both applications can't find anything it could still mean your web application has bugs.


----------



## roelof (Jan 23, 2012)

Okay,

Then I have to find another solution.

Roelof


----------



## tingo (Jan 23, 2012)

There is also OWASP, they have published some good information.


----------



## gkontos (Jan 23, 2012)

tingo said:

> There is also OWASP, they have published some good information.

They are also providing core ruleset signatures for www/mod_security.


----------



## DanielWozniak (Jan 11, 2013)

I am co-founder of Orvant. We have a product which allows you to run OpenVAS, Nikto and w3af (both external and internal) through our portal. W3af is going to be the best bet of those three as it's not just working off a database of known threats but actually tries to determine the inputs on the page and runs different attack vectors on them. We also support some non-open commercial tools which may be useful. You can check us out at http://www.orvant.com

Having said that, if you're a developer you still should follow the recommendations found here:

https://www.owasp.org/index.php/Main_Page

And here

http://code.google.com/p/doctype-mirror/wiki/ArticlesXSS


----------

