Quentin Delcourt

Checking applications security using hackers' tools

Use automated vulnerability discovery tools to quickly find out missed spots in your application security.

If you work on software that is used by large organisations, chances are high that those organisations will want to run a pentest on it.

After a pentest is done, the security firm sends a report about the vulnerabilities they found, and the hackers/security testers share some information about their testing techniques.

This has given me a glimpse into the kinds of tools hackers use to infiltrate a system.

Security is a very specific field of engineering. As software is used in more and more aspects of our societies, and its interconnection is a given, security is rising to the top of the concerns.

To strengthen our applications against potential attackers, I find it tremendously helpful to use the tools that automate classic attacks, so that we are at least sure our security foundations are sound.

SQLMap

https://sqlmap.org/

Automatically detects and exploits SQL injections. It lets you quickly see whether the queries behind an endpoint are vulnerable to injection.

Ghauri

https://github.com/r0oth3x49/ghauri

Another tool for detecting and exploiting SQL injections.
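The SQLMap and Ghauri entries above both come down to one question: does user input end up inside the SQL text, or is it bound as a parameter? The following is an added example, not code from the original post or from either tool. It uses a constructed in-memory SQLite table and assumed function names (find_user_vulnerable, find_user_safe, leaks_on_tautology) to show, side by side, a string-built query that such scanners would flag and its parameterised replacement, plus the kind of boolean-based check you can keep in your test suite so the regression is caught before the pentest report arrives.

```python
import sqlite3

# Constructed in-memory database standing in for the application's real datastore.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn

def find_user_vulnerable(conn, username):
    # Hypothetical "before" code: the user-controlled value is spliced into the
    # SQL text, so the database parses it as part of the statement. This is the
    # pattern injection scanners probe for.
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return [tuple(row) for row in conn.execute(sql).fetchall()]

def find_user_safe(conn, username):
    # Hardened form: the value is bound by the driver and never parsed as SQL,
    # so no input can change the shape of the query.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return [tuple(row) for row in conn.execute(sql, (username,)).fetchall()]

# Classic boolean-based probe: a tautology that only matters if it is parsed as SQL.
TAUTOLOGY_PROBE = "x' OR '1'='1"

def leaks_on_tautology(query_fn, conn):
    # Regression check modelled on what boolean-based scanners do: a username
    # that does not exist must return nothing, and appending a tautology to it
    # must not change that. If the probe returns more rows than the baseline,
    # the input reached the SQL parser.
    baseline = query_fn(conn, "x")
    probed = query_fn(conn, TAUTOLOGY_PROBE)
    return len(probed) > len(baseline)

def demo():
    conn = make_db()
    return {
        "vulnerable_normal": find_user_vulnerable(conn, "bob"),
        "vulnerable_probe": find_user_vulnerable(conn, TAUTOLOGY_PROBE),
        "safe_normal": find_user_safe(conn, "bob"),
        "safe_probe": find_user_safe(conn, TAUTOLOGY_PROBE),
        "vulnerable_leaks": leaks_on_tautology(find_user_vulnerable, conn),
        "safe_leaks": leaks_on_tautology(find_user_safe, conn),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running it shows the string-built query returning every row for the probe while the parameterised one returns none; wiring leaks_on_tautology into CI for each data-access function gives you the cheapest possible version of what these tools check, run on every commit instead of once per engagement.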

Burp Suite

https://portswigger.net/burp/releases/professional-community-2024-4-5?requestededition=community&requestedplatform=

For capturing HTTP requests and responses, and checking for XSS and CSRF vulnerabilities.

ZAP

https://www.zaproxy.org/

Another tool to scan a web app for vulnerabilities.