Preparing an ASP.Net website for penetration testing

被撕碎了的回忆 2020-12-04 17:14

Over the years I have had a few of the websites I have developed submitted for penetration testing by clients. Most of the time the issues that are highlighted when the resu

3 answers
  •  天命终不由人
    2020-12-04 17:59

    Checklist:

    Web Application Security Guide/Checklist

    Also, many free tools are available for testing web application security; you can try out these:

    • Netsparker: Netsparker Community Edition is a SQL Injection Scanner.
    • Websecurify
    • Watcher: Watcher is a Fiddler addon which aims to assist penetration testers in passively finding Web-application vulnerabilities.
    • Wapiti: Web application vulnerability scanner / security auditor
    • N-Stalker
    • skipfish: Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
    • Scrawlr
    • x5s: x5s is a Fiddler addon which aims to assist penetration testers in finding cross-site scripting vulnerabilities. Its main goal is to help you identify the hotspots where XSS might occur by: 1. Detecting where safe encodings were not applied to emitted user-inputs. 2. Detecting where Unicode character transformations might bypass security filters. 3. Detecting where non-shortest UTF-8 encodings might bypass security filters.
    • Exploit-Me: Exploit-Me is a suite of Firefox web application security testing tools designed to be lightweight and easy to use.

    Free Web Application Security Testing Tools
