I am pretty new as an server/web admin and it came to my attention that one of the site I am managing is vulnerable to XSS and SQL injection. So I found out using sqlmap and OWASP ZAP are good tools to help on that subject. I am basically scanning my site using ZAP, then once URL identified I work with sqlmap to make more thorough set of tests. I am now considering paid application. Based on your experience, are those type of tool worth it to pay for ? Or basically it will give me the same results/report as OWASP ZAP?
Thanks all,
Aucun commentaire:
Enregistrer un commentaire