Apart from SQL injection and XSS, what vulnerabilities should I check the site for?

I haven’t been interested in hacking methods for a long time, so I’m way behind the times. Who faced what?

Answer 1, authority 100%

I usually analyze the following options:

  • XSS
  • SQL injection
  • HTML Injection
  • HTTP Response Splitting

Take a look at OWASP Top Ten


Try walking through your creation with this system

Answer 2, authority 12%

I would suggest using a web scanner that would “walk” the entire site and find the weak spots. There is a lot of software for this purpose, for example Acunetix Vulnerability Scanner. It is easy to use and analyzes all kinds of vulnerabilities on the site (DoS and DDoS attacks, SQL injection, PHP injection, XSS attacks, CSRF attacks, etc.), grouping them according to their importance. It also provides links to sources where you can read about bugs in a particular piece of software and how hackers can use these bugs by writing the appropriate exploits (sometimes it can also give a link to the exploit), as well as how to fix or avoid these vulnerabilities.

It is also worth noting that you should always monitor the access rights to files located on the web server, since you can use the same web scanner to find out about the partial directory structure on the server, which will allow you to run the script from the web.
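An added example, not part of the answer above: one way to check the file access rights the answer says to monitor, by walking a web root and reporting permissions that let someone other than the owner change what the server serves or executes. The extension list, the finding labels and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed set of extensions the web server executes; match it to the real handler config.
SCRIPT_EXTS = (".php", ".phtml", ".cgi", ".pl", ".py")

def audit_webroot(root, script_exts=SCRIPT_EXTS):
    """Return sorted (relative_path, issue) pairs for risky permissions under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)              # lstat: inspect the entry, not a link target
            if stat.S_ISLNK(st.st_mode):
                continue                     # symlink mode bits carry no meaning
            rel = os.path.relpath(path, root)
            mode = stat.S_IMODE(st.st_mode)
            if stat.S_ISDIR(st.st_mode):
                # Any local account can place a file here that is then reachable over HTTP.
                if mode & stat.S_IWOTH:
                    findings.append((rel, "world-writable directory"))
            elif name.lower().endswith(script_exts):
                # Code the server executes should be writable by its owner only.
                if mode & (stat.S_IWGRP | stat.S_IWOTH):
                    findings.append((rel, "script writable by group/others"))
            elif mode & stat.S_IWOTH:
                findings.append((rel, "world-writable file"))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample web root containing two deliberate misconfigurations."""
    root = tempfile.mkdtemp(prefix="webroot_")
    layout = {"index.php": 0o644, "upload.php": 0o666, "style.css": 0o644}
    for name, mode in layout.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)                 # chmod is not affected by the umask
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    os.chmod(uploads, 0o777)
    return root

if __name__ == "__main__":
    for rel, issue in audit_webroot(build_sample_tree()):
        print(f"{issue}: {rel}")
```

Run it on a schedule against the real document root and alert when the list of findings changes.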