SQL injections and cross site scripting - how to test and protect against it?

I'm going to keep this question open still.
I hope that someone knowledgeable in this field will pass by to answer it.

SQL Injection, Cross-site Scripting & Automated Vulnerability Detection & Evaluation

There are some nice Open-Source Tools, you could give a try:

http://www.snort.org/
http://www2006.org/programme/files/xhtml...
http://www.pcre.org/

Otherwise, you might also find something here:

http://www.softwareqatest.com/qatweb1.ht...
http://dmoz.org/Computers/Security/Inter...

Or check my searchrolls at Rollyo for more:

http://rollyo.com/explore.html?rollterm=...

Enjoy. Greetings from Vienna

Great, bit2bit!
Thanks for all the references.

SQL Injection, Cross-site Scripting & Automated Vulnerability Detection & Evaluation

As the popularity of the web increases and web applications become tools of everyday use, the role of web security has been gaining importance as well. The last years have shown a significant increase in the number of web-based attacks. For example, there has been extensive press coverage of recent security incidences involving the loss of sensitive credit card information belonging to millions of customers. Many web application security vulnerabilities result from generic input validation problems. Examples of such vulnerabilities are SQL injection and Cross-Site Scripting (XSS). Although the majority of web vulnerabilities are easy to understand and to avoid, many web developers are, unfortunately, not security-aware. As a result, there exist many web sites on the Internet that are vulnerable...

http://www.snort.org/
http://www2006.org/programme/files/xhtml......
http://www.pcre.org/
http://www.softwareqatest.com/qatweb1.ht......
http://dmoz.org/Computers/Security/Inter......
http://rollyo.com/explore.html?rollterm=...

Click here to see the Answer Discussion that preceded this tutorial.

Login to rate this tutorial: Good  |  Bad