Program security is receiving more and more attention. Besides developers needing some security knowledge, it is best to run security detection tools before a system goes online. This article introduces a simple and practical vulnerability detection tool, Paros, which can be downloaded from the address below:
http://www.hackervip.com/Soft/UploadSoft/2010505/paros.rar
Download, unzip, and install the SDK. Before use, you must set the browser's proxy address and port 8080, as shown in the figure.
Open Paros and start the test. In the browser, access the application to be tested, for example "http://localhost/eWebEditor/index.jsp". Return to Paros and look at the list under Sites. Select the application you just visited, then select Scan from the Analyse menu. A Scanning window is displayed. After the test is complete, press OK; you can then open Last Scan Result in the Report menu to view the test report. For example, the results of testing the editor above are as follows:
The report shows that this test found two medium-level vulnerabilities: cross-site scripting. The report also lists the parameters tested and gives suggestions for fixing the vulnerability. Cross-site scripting is a common vulnerability in websites. If sensitive data is involved, you must fix it as soon as possible.