But it would be a mistake if we do these tests only in the production phase, since they help discover loopholes and failures in an application from the development stage. To begin with, it is very important to determine if the code has been written correctly. To do this, we will use different tools that allow us to evaluate it and, in turn, provide feedback on its status. For example:<\/p>\n\n\n\n
SONARQUBE<\/strong><\/h2>\n\n\n\n![\"Code](\"https:\/\/lh6.googleusercontent.com\/YZgIr_rhy69uWYYQqSV9Kc6g3tV7YdQgXzGOjku7lv4PhbikBnXYSEttqdGncNV8sQ9K_2rhEnKAl_vr-UoY8GeSVeclJcXtP32jDGTkMc4a9KeN8yFrJRXySwEzoQljqdQ3Xhm1TMaPIx_CJGQ\" "\\"\\"")
<\/p>\n\n\n\n
It is an open source security testing tool. It allows you to perform a static analysis of the code, a function that is very useful to verify its quality. <\/p>\n\n\n\n
In addition, it is one of those that we study in our Master in Cybersecurity Management, Ethical Hacking and Offensive Security, specifically in the subject \u201cSecurity in software development\u201d.<\/p>\n\n\n\n
This tool is capable of exposing existing vulnerabilities in coding, which can lead to future security incidents. <\/p>\n\n\n\n
One of its advantages is that it supports more than 20 programming languages. Each of them has a series of rules that allow detecting general or specific problems of a particular language. It easily integrates with tools like Jenkins, for example, classifies issues based on risk level, among others.<\/p>\n\n\n\n
WAPITI<\/strong><\/h2>\n\n\n\n![\"Wapiti](\"https:\/\/lh6.googleusercontent.com\/Sr3TTLVBDly8g4ze8eYJdO8a7aI8kYmy5rbcdHwlYRamDewwSTwPAhytYb3rzG7PRL6CAcXO5R_lJDqnD1vFC7XjdMYcB3zatGwhI3FOigBJypQzJDhgjct_HAKmUqhE-3_ilw4jT43f6mCu5uc\" "\\"\\"")
<\/p>\n\n\n\n
If our intention is to know the existing vulnerabilities in an application or web page, we can use tools like Wapiti. <\/p>\n\n\n\n
Free open source. Find possible vulnerabilities from black box security. This tool only scans the web page, not its source code. It is considered very useful in the initial phases of penetration testing and is also easy to use.<\/p>\n\n\n\n
Wapati is capable of detecting the following vulnerabilities<\/p>\n\n\n\n
- Database Injection<\/em> (PHP\/ASP\/JSP SQL Injections and XPath Injections)<\/li>
- Cross Site Scripting (XSS)<\/em> <\/li>
- File disclosure detection <\/em><\/li>
- Command Execution detection<\/li>
- XXE (Xml eXternal Entity) injection<\/em><\/li>
- CRLF Injection<\/em><\/li><\/ul>\n\n\n\n
How is it installed? <\/p>\n\n\n\n
If we are working on our Kali machine or any Debian or Ubuntu based system, we can use the following command line: <\/p>\n\n\n\n
sudo apt install wapiti<\/strong><\/p>\n\n\n\nSQLMap<\/strong><\/p>\n\n\n\n![\"Exploiting](\"https:\/\/lh6.googleusercontent.com\/KQ1ErzNsmfDdMMkSJPGUkpzztfFcONazE3s57lPgk9B75Nn1XeFEVbeEdz5GrtjkMCkB9kfzPeKFO1T0sciNqeF5FjG38V1mlj8l165-sIRs_zgTQa64RgX-smaFSKoZb0zEEO_vsORtqNsM8uI\" "\\"\\"")
<\/p>\n\n\n\n
Tool that will help us test\/automate the process of detecting and exploiting SQL injections.<\/p>\n\n\n\n
Supports a wide variety of database engines such as MySQL, Oracle, PostgreSQL, Microsoft SQL Server, SQLite<\/strong>, etc., which allows testing many specific characteristics of each of them and to check their security.<\/p>\n\n\n\nOnce the tool detects vulnerabilities and code injections that can be performed, the user can choose from a variety of options to perform the penetration test; recover user and database, list users, password hashes, privileges, databases, dump entire or user-specific tables\/columns, and more.<\/p>\n\n\n\n
Do you want to know what other tools we can use to audit and test our code or application?<\/p>\n\n\n\n
Take our cybersecurity master's degree and you will become a real crack!<\/p>","protected":false},"excerpt":{"rendered":"
In this post we present some of the most used tools to carry out cybersecurity tests. Let's get to know them!<\/p>","protected":false},"author":90,"featured_media":57740,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[332],"tags":[],"class_list":["post-57694","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-ciberseguridad"],"acf":[],"_links":{"self":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts\/57694","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/users\/90"}],"replies":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/comments?post=57694"}],"version-history":[{"count":0,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts\/57694\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/media\/57740"}],"wp:attachment":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/media?parent=57694"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/categories?post=57694"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/tags?post=57694"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
<\/p>\n\n\n\n
If our intention is to know the existing vulnerabilities in an application or web page, we can use tools like Wapiti. <\/p>\n\n\n\n
Free open source. Find possible vulnerabilities from black box security. This tool only scans the web page, not its source code. It is considered very useful in the initial phases of penetration testing and is also easy to use.<\/p>\n\n\n\n
Wapati is capable of detecting the following vulnerabilities<\/p>\n\n\n\n
- Database Injection<\/em> (PHP\/ASP\/JSP SQL Injections and XPath Injections)<\/li>
- Cross Site Scripting (XSS)<\/em> <\/li>
- File disclosure detection <\/em><\/li>
- Command Execution detection<\/li>
- XXE (Xml eXternal Entity) injection<\/em><\/li>
- CRLF Injection<\/em><\/li><\/ul>\n\n\n\n
How is it installed? <\/p>\n\n\n\n
If we are working on our Kali machine or any Debian or Ubuntu based system, we can use the following command line: <\/p>\n\n\n\n
sudo apt install wapiti<\/strong><\/p>\n\n\n\n
SQLMap<\/strong><\/p>\n\n\n\n
Tool that will help us test\/automate the process of detecting and exploiting SQL injections.<\/p>\n\n\n\n
Supports a wide variety of database engines such as MySQL, Oracle, PostgreSQL, Microsoft SQL Server, SQLite<\/strong>, etc., which allows testing many specific characteristics of each of them and to check their security.<\/p>\n\n\n\n
Once the tool detects vulnerabilities and code injections that can be performed, the user can choose from a variety of options to perform the penetration test; recover user and database, list users, password hashes, privileges, databases, dump entire or user-specific tables\/columns, and more.<\/p>\n\n\n\n
Do you want to know what other tools we can use to audit and test our code or application?<\/p>\n\n\n\n
Take our cybersecurity master's degree and you will become a real crack!<\/p>","protected":false},"excerpt":{"rendered":"
In this post we present some of the most used tools to carry out cybersecurity tests. Let's get to know them!<\/p>","protected":false},"author":90,"featured_media":57740,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[332],"tags":[],"class_list":["post-57694","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-ciberseguridad"],"acf":[],"_links":{"self":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts\/57694","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/users\/90"}],"replies":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/comments?post=57694"}],"version-history":[{"count":0,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts\/57694\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/media\/57740"}],"wp:attachment":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/media?parent=57694"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/categories?post=57694"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/tags?post=57694"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Cross Site Scripting (XSS)<\/em> <\/li>