For several years, web applications have been the first target for hackers. After attacking a website, a hacker operating under a certain name promotes the attack by adding it to www.zone-h.org. Zone-H.org is an archive of defaced versions of websites. The sources of the hacked website URLs submit their information anonymously, and often include an image of the hacked site. Sometimes the hackers themselves openly submit their hacked pages. Many feel this glorifies hacking.
Some hackers who post phishing sites (illegally gathering credit card, bank account or other personal information and/or passwords by posing as a legitimate site) use Zone-H’s list of hacked sites to find websites whose security status makes them vulnerable. That is why we need to test our web resources very carefully. Several tools can help with this, including Websecurify, an open source framework for testing web applications. The platform is designed to perform automated as well as manual vulnerability tests.
The built-in vulnerability scanner and analysis engine can automatically detect many types of web application vulnerabilities when you launch a penetration test. The list of automatically detected vulnerabilities includes:
- SQL Injection
- Local and Remote File Include
- Cross-site Scripting
- Cross-site Request Forgery
- Information Disclosure Problems
- Session Security Problems
- Many others, including all categories in the OWASP Top 10
The current version is still a beta, but it runs on all major platforms (Windows, Mac OS and Linux). It is also available as an extension for the Google Chrome (Chromium) web browser. This extension provides an intuitive web application security testing environment that is easy for everyone to use, from casual users who want to check the security of their web apps to experienced professionals.