Friday, May 25, 2012

Gamja Vulnerability Tool Cross Site Scripting XSS

XSS (Cross Site Scripting) is the #2 attack on the OWASP top 10.

Gamja is a platform-independent XSS (Cross Site Scripting) and SQL injection scanner written in Perl.

Gamja finds XSS (Cross Site Scripting) and SQL injection weak points, as well as URL parameter validation errors.

Like other open source tools, Gamja is no longer updated by its author, but it is still a good choice because it is free and, being based on Perl scripting, is not limited to any one operating system. Whether you use a Unix-like system such as Linux or BSD or a Windows-based system, you can run Gamja, because all it needs is Perl.

You can download Gamja from http://sourceforge.net/projects/gamja/

After you have downloaded and extracted Gamja it is very simple to use.

Open a terminal and cd to the directory where you extracted Gamja.

Type gamja.pl and you will get some help on how to use Gamja.

To run a simple vulnerability scan, type gamja.pl http://sitetocheck.com in the terminal. This creates an HTML report file in the same directory, which you can open to see the vulnerabilities.

OWASP has started a monthly security blitz where we will rally the security community around a particular topic. The topic may be a vulnerability, defensive design approach, technology or even a methodology. All members of the security community are encouraged to write blog posts, articles, patches to tools, videos, etc. in the spirit of the current monthly topic. Our goal is to show a variety of perspectives on the topic from builders, breakers and defenders.

Wiredwizrd

Morgan Todd Lewistown, PA

Experienced Information Technology Manager with a strong knowledge of technical guidance, IT best practices, security protocols, team leadership, and analyzing business requirements.