Although manual security testing is the most recommended option, various tools can be used to automate security testing.
IronWASP is one of the most trusted open source tools that can be used for automating SQL queries. Using this tool we can identify:
Sensitive Form loaded and submitted Insecurely
Password sent in URL
Server Leaking version number
Autocomplete Enabled in Password Fields
Identify the server information
Technologies identified on Server
This report gives a brief overview of the number of different findings, categorized by the hosts they were discovered on. The index section contains the names of all the findings. The sections after that show details of every individual finding. The table below shows the number of findings discovered in each host. The findings are separated based on their type and severity.
High Severity Vulnerability
Medium Severity Vulnerability
Low Severity Vulnerability
Things of interest for manual testing
The High, Medium and Low severity vulnerability numbers are also split based on the confidence with which IronWASP has reported them. The results of the IronWASP tool will contain:
Severity: High, Low, Medium
Found By: Active Scanning, Passive Scanning
Affected Parameter: Control names such as username, password, etc.
Affected Section: Body
Reason: False Positive Check Assistance
Information about response from the Server:
Acunetix is one of the best automated third-party security testing tools that can be used for testing and reporting security issues such as
The testing result report has the ability to provide the results as
An attacker could access and control logged in user or administrator accounts
This would enable them to take any action that those users can take and to steal their information. For example, an administrator might have complete access to the database and the ability to change the website.
An attacker could access user information sent over public Wi-Fi
This might include passwords, usernames, and the content of web pages viewed.
An attacker could view information about your system that helps them find or exploit vulnerabilities
This may enable them to take control of your website and access sensitive user and administrator information.
The software that powers your website is out of date - your version is known to contain vulnerabilities
An attacker could access information that helps them to exploit other vulnerabilities
This information gives them a better understanding of your system.
People using a web browser after one of your users could see sensitive information that has been entered into your site
For example, username, password, credit card details. This is possible because browser autocomplete is not disabled.
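Several of the findings listed above (password sent in URL, server leaking version number, sensitive form loaded or submitted insecurely, autocomplete enabled in password fields) can be derived from a single response without sending any test traffic. The sketch below is an added example, not IronWASP or Acunetix code; the function names, the parameter-name pattern and the sample response are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urljoin, urlsplit

SECRET_PARAM = re.compile(r"pass|pwd", re.I)   # assumed pattern for password parameter names
VERSION = re.compile(r"\d+\.\d+")               # e.g. the "2.4.41" in "Apache/2.4.41"

class FormScan(HTMLParser):
    """Collect each <form> together with the password inputs inside it."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "ac": a.get("autocomplete"), "pw": []})
        elif tag == "input" and (a.get("type") or "").lower() == "password" and self.forms:
            self.forms[-1]["pw"].append(a.get("autocomplete"))

def passive_findings(url, headers, body):
    """Return finding names for one response, without sending any request."""
    findings = []
    if any(SECRET_PARAM.search(k) for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)):
        findings.append("Password sent in URL")
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in ("server", "x-powered-by"):
        if VERSION.search(lowered.get(name, "")):
            findings.append("Server leaking version number: " + lowered[name])
    scan = FormScan()
    scan.feed(body)
    for form in scan.forms:
        if not form["pw"]:
            continue  # only forms that carry a password field are treated as sensitive
        target = urljoin(url, form["action"])  # an empty action submits to the page URL
        if urlsplit(url).scheme != "https" or urlsplit(target).scheme != "https":
            findings.append("Sensitive form loaded or submitted insecurely")
        for field_value in form["pw"]:
            # the field's own attribute wins over the form's; the default is "on"
            if (field_value or form["ac"] or "on").lower() != "off":
                findings.append("Autocomplete enabled in password field")
    return findings

SAMPLE_URL = "http://shop.example.test/login?user=alice&password=hunter2"  # constructed sample
SAMPLE_HEADERS = {"Server": "Apache/2.4.41 (Ubuntu)", "X-Powered-By": "PHP/7.4.3"}
SAMPLE_BODY = '<form action="/session"><input name="user"><input type="password" name="password"></form>'

if __name__ == "__main__":
    print("\n".join(passive_findings(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY)))
```

A response served over HTTPS, with a version-free Server header and autocomplete="off" on the password field, returns an empty list from the same function.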