Sister CISA CISSP

Jun 25 2010   5:11PM GMT

A Freebie for Auditing Your Web Application for SQL flaws

Arian Eigen Heald

I ran across a mention of this tool in a SANS newsbite.

Scrawlr (latest version requires information)

Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr is lightning fast and uses our intelligent engine technology to dynamically craft SQL Injection attacks on the fly. It can even provide proof positive results by displaying the type of backend database in use and a list of available table names.

You can also access the 1.0 version at Softpedia if you are reluctant to give HP more marketing fodder. Softpedia does check its offered downloads for malware, which I always appreciate.

Given that SQL injection is the most common form of data breach, it might be worthwhile to try it, if your website has fewer than 1500 pages.
