Ask the Expert

Which tools will help in validating form input in a website?

Which tools can help me locate pages on our organization's website that are vulnerable to input validation?

    Requires Free Membership to View

Input validation, as you likely know, ensures that a program operates on clean and usable data. There are several tools in common use for locating webpages that are vulnerable to missing input validation. You may want to first review the OWASP Web security guidance, which will offer help on fixing problems with identified vulnerable pages.

There are two basic types of tools that can be used for finding these application threats: vulnerability scanners and Web application security scanners.

Over the last couple of years, any vulnerability scanners have added Web application security scanning functionality. These tools identify pages vulnerable to SQL injection or other Web security attacks, along with their more traditional use for operating system or application scanning. These scanners are useful as a part of your overall vulnerability management program, but they will not be as effective as dedicated Web application security scanners.

Web application security scanners or dedicated SQL injection tools can be more effective in identifying all pages on your website that are vulnerable. Web application security scanners will have more capabilities to identify input-validation vulnerabilities and may allow you to customize your Web application security scans for your website. Three types of tools that can be used are: Web-based services, like the cloud-based service offered by WhiteHat Security Inc., open source tools like the Windows GUI-based FG-Injector Framework and close-sourced commercial products like IBM Rational AppScan, which is also Windows based.

All of these tools require different levels of experience to effectively run the Web application security scan, and you will need to determine which tool is most appropriate for your environment.

Depending on the complexity of your website, you may find a large number of vulnerable pages and may need to prioritize them for remediation. Adding a Web application firewall for an additional layer of protection may be something to consider if you have a large number of vulnerable pages.

This was first published in May 2010

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: