

Ask HN: Is there a tool that will be a controlled hacker? - chromedude

I am launching a web app and want to make sure that my sign-in and sign-up forms are at least relatively hacker safe. Is there a program out there that will try most of the basic traditional hacker methods and tell you if it can get through?
======
perlgeek
I'd try a search for 'automated penetration testing' on your favorite search
engine. There seem to be quite a few results.

But beware, these things could easily lure you into a false sense of security
by not finding a big gaping hole in your security.

Note that sign-in and sign-up aren't the only possible vulnerabilities. For
example, do you check that a signed-in user can only change his own
information, and not other people's data by simply changing a user ID in a
URL or in some hidden form data?

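The check described in the comment above, as an added example that is not part of the thread: a signed-in user must only be able to change their own record, even when the user ID carried in a hidden form field has been altered. The in-memory user store, the form field names and the handler signatures are assumptions.

```python
# Added example (not code from the thread): the ownership check perlgeek
# describes, as a vulnerable handler beside its hardened form.
# The user store, field names and handler signatures are constructed.

USERS = {  # constructed sample data: user id -> profile record
    1: {"email": "alice@example.com"},
    2: {"email": "bob@example.com"},
}


class Forbidden(Exception):
    """Session user is not allowed to modify the requested record."""


def update_email_unchecked(users, session_user_id, form):
    # Vulnerable: trusts the hidden 'user_id' field from the form, so any
    # signed-in user can edit any record by changing that value.
    target_id = int(form["user_id"])
    users[target_id]["email"] = form["email"]
    return users[target_id]


def update_email_checked(users, session_user_id, form):
    # Hardened: the record to modify comes from the authenticated session.
    # A client-supplied user_id is accepted only when it matches the session;
    # a mismatch is rejected (and is worth logging as a tampering attempt).
    target_id = int(form.get("user_id", session_user_id))
    if target_id != session_user_id:
        raise Forbidden(f"user {session_user_id} tried to edit user {target_id}")
    users[session_user_id]["email"] = form["email"]
    return users[session_user_id]


def demo():
    # Submit a form whose hidden user_id was changed from 1 to 2 while
    # signed in as user 1, and report what each handler did to user 2.
    tampered = {"user_id": "2", "email": "attacker@example.com"}
    store = {k: dict(v) for k, v in USERS.items()}
    update_email_unchecked(store, 1, tampered)
    leaked = store[2]["email"]
    store = {k: dict(v) for k, v in USERS.items()}
    try:
        update_email_checked(store, 1, tampered)
        blocked = False
    except Forbidden:
        blocked = True
    return leaked, blocked, store[2]["email"]
    # → ('attacker@example.com', True, 'bob@example.com')
```

The same rule applies to every record a user can read or write (orders, messages, settings), not just the profile: derive the owner from the session, never from the request.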
~~~
chromedude
Thanks, very good observation. I am definitely concerned about those too.

