Is there any good browser plugin or tool to quickly identify any security issues of a web site?


I'm working on a web project and need to give a quick update on the security of the web site.
So is there any tool or browser plugin to do a quick scan of my web project and get an analysis report?










      security-testing






      asked 4 hours ago
      ChathuD






















          1 Answer


          Yes for a few things but overall really I feel the answer is no single tool for what you seek.

          Reviewing security is a manual process because it is a multi-faceted process. It will frequently involve using various tools but there is not an overarching tool you can use to simply run a security report that I am aware of.

          Also, if such a tool exists it will be of limited use as a browser plugin, given that most of the security issues require analysis on the backend - and for that, there are security scan tools - but even these do not fully suffice because intent will not be clear just from the static code analysis.

          A browser tool could report on:

          • If HTTPS is being used
          • Any hidden code in the HTML not displayed
          • XSS (Cross Site Scripting)
          • JavaScript vulnerabilities

          Server side tools can report on:

          • SQL injection
          • JavaScript vulnerabilities
          • Username/password storage in code (bad!)
          • Large scale SQL updates
          • Security in the application code
          • Calls to other services
          • Many other security concerns

          Above are not comprehensive lists for security testing.

          For that buy a security testing book and spend $20 to earn $80000

          Also, from:
          https://cwatch.comodo.com/blog/website-security/top-10-vulnerability-assessment-scanning-tools/ (March 2018)

          Top 10 Vulnerability Assessment Scanning Tools

          • Comodo HackerProof
          • OpenVAS
          • Nexpose Community
          • Nikto
          • Tripwire IP360
          • Wireshark
          • Aircrack
          • Nessus Professional
          • Retina CS Community
          • Microsoft Baseline Security Analyzer (MBSA)








          edited 1 hour ago

          answered 1 hour ago
          Michael Durrant













          • Thanks Michael, that rings a bell for me.

            – ChathuD
            1 hour ago

          • See also sqa.stackexchange.com/q/607/8992

            – Michael Durrant
            1 hour ago

          • See also sqa.stackexchange.com/a/18202/8992

            – Michael Durrant
            1 hour ago
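
The browser-side items listed in the answer above (whether HTTPS is used, content in the HTML that is not displayed, script exposure) can be checked passively from a single response of your own site. This is an added example, not part of the original answer; `auditResponse`, the finding labels and both sample responses are constructed for illustration.

```javascript
// Passive checks a browser-side tool can make from one HTTP response.
// `sample` is constructed test data, not a capture from a real site.
const sample = {
  url: "http://shop.example.test/login",
  headers: { "set-cookie": ["sid=abc123; Path=/"] },
  body: `<html><body>
<!-- TODO remove: staging admin panel at /admin-old -->
<form method="post" action="/login">
  <input type="hidden" name="role" value="user">
  <input name="user"><input type="password" name="pw">
</form>
<script src="http://cdn.example.test/lib.js"></script>
<script>var q = location.hash;</script>
</body></html>`,
};

function auditResponse({ url, headers, body }) {
  const findings = [];
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  const https = new URL(url).protocol === "https:";

  // 1. Transport: is HTTPS used, and is it enforced with HSTS?
  if (!https) findings.push("no-https");
  else if (!h["strict-transport-security"]) findings.push("no-hsts");

  // 2. Content in the HTML that the rendered page does not show.
  if (/<!--[\s\S]*?-->/.test(body)) findings.push("html-comment");
  if (/<input[^>]*type=["']?hidden/i.test(body)) findings.push("hidden-input");

  // 3. Script exposure: inline script with no CSP, scripts loaded over http.
  const inline = /<script(?![^>]*\bsrc=)[^>]*>/i.test(body);
  if (inline && !h["content-security-policy"]) findings.push("inline-script-no-csp");
  if (/<script[^>]*\bsrc=["']?http:\/\//i.test(body)) findings.push("script-over-http");

  // 4. Session cookies readable by script or sent over plain HTTP.
  for (const c of [].concat(h["set-cookie"] || [])) {
    const name = c.split("=")[0];
    if (!/;\s*httponly/i.test(c)) findings.push(`cookie-no-httponly:${name}`);
    if (!/;\s*secure/i.test(c)) findings.push(`cookie-no-secure:${name}`);
  }
  return findings;
}

// Constructed counterpart with the same page served in a hardened way.
const hardened = {
  url: "https://shop.example.test/login",
  headers: {
    "Strict-Transport-Security": "max-age=31536000",
    "Content-Security-Policy": "default-src 'self'",
    "Set-Cookie": "sid=abc123; Path=/; Secure; HttpOnly",
  },
  body: `<html><body><script src="/app.js"></script></body></html>`,
};

console.log(auditResponse(sample));
console.log(auditResponse(hardened));
```

Each finding is a prompt for manual review rather than a confirmed vulnerability, and none of the server-side items in the answer are visible from a response alone.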


















