

Ask HN: Are there any web apps that find your site's security flaws - camelback

My first post here, just wondering if something like this exists or is even possible? (Hope it makes sense)
======
Travis
The web apps I've seen that do this all look pretty scammy. I wouldn't want
them poking around my site. Then again, it is a public site, so...

Anyhow, since there are several major attack vectors, there are also several
different types of scanners. I recommend you read the book "breaking web
software" to get a better understanding of the types of attacks.

As far as tools, if you have a PHP install I recommend
<https://chorizo-scanner.com/>

No recommendation, but
<http://www.acunetix.com/cross-site-scripting/scanner.htm> looks like they
can help.

IBM has a good article/series on web app vulnerabilities at
<http://www.ibm.com/developerworks/web/library/wa-appsecurity/>

And finally, wapiti is a vulnerability checker written in Python that will do
scans of web apps. Command line, not web, but pretty good -
<http://wapiti.sourceforge.net/>

------
cperciva
I'm sure there are web apps which will find security flaws; but you shouldn't
trust their results. Finding security flaws is equivalent to determining
whether a Turing machine will halt -- i.e., there is no algorithm which can
guarantee to give you the right answer.

------
yan
No web app, but a lot of individuals who'd love to offer this as a service.
For general guidelines on writing secure web code, refer to
<http://www.owasp.org>

