One of the best ways to test your site is to post the URL here and claim
it can't be hacked.  Usually people will "help you out".  :)

As far as specific testing tools, I think good practice and code reviews
are one of the best things here.  You should be able to look at a query
and spot any dynamic parts that are out of a cfqueryparam or not
sanitized in some other way.  The key really is separating parameters
from executable code.

~Brad

-------- Original Message --------
Subject: Injection Testing/Monitoring
From: Andrew Tegenkamp <andrew...@gmail.com>
Date: Mon, January 18, 2010 11:17 am
To: cf-talk <cf-talk@houseoffusion.com>

Does anyone have any good methods for testing or monitoring SQL
Injection they are willing to share?
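
Added example, not part of the original thread: a heuristic Python scanner for the code-review check described in the reply above, flagging `#...#` expressions in a `<cfquery>` body that sit outside a `<cfqueryparam>` (or any other CFML tag). The function name `find_unbound` and the sample CFML are constructed for illustration.

```python
import re

# Each <cfquery ...> ... </cfquery> block; group 1 is the SQL body.
CFQUERY = re.compile(r"<cfquery\b[^>]*>(.*?)</cfquery>", re.I | re.S)
# Any CFML tag inside the body (cfqueryparam, cfif, ...).
CF_TAG = re.compile(r"</?cf\w+\b[^>]*>", re.I)
# A #expression# interpolation on a single line.
INTERP = re.compile(r"#[^#\r\n]+#")

def _blank(match):
    # Replace with spaces but keep newlines so offsets and line numbers hold.
    return re.sub(r"[^\n]", " ", match.group(0))

def find_unbound(source):
    """Return (line_number, expression) for each #...# emitted as raw SQL text."""
    findings = []
    for q in CFQUERY.finditer(source):
        body = CF_TAG.sub(_blank, q.group(1))  # tag attributes are not SQL text
        body = body.replace("##", "  ")        # "##" is an escaped literal #
        for m in INTERP.finditer(body):
            line = source.count("\n", 0, q.start(1) + m.start()) + 1
            findings.append((line, m.group(0)))
    return findings

# Constructed sample template: one bound parameter, two raw interpolations.
SAMPLE = '''<cfquery name="getUser" datasource="#application.dsn#">
  SELECT id, email
  FROM users
  WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
    AND status = '#form.status#'
  ORDER BY #url.sort#
</cfquery>
<cfquery name="safe" datasource="#application.dsn#">
  SELECT name FROM tags WHERE label = <cfqueryparam value="#form.label#"
    cfsqltype="cf_sql_varchar">
</cfquery>'''

if __name__ == "__main__":
    for line, expr in find_unbound(SAMPLE):
        print(f"line {line}: {expr} is outside cfqueryparam")
```

The scanner is regex-based, so a `>` inside a tag attribute, or an expression that is sanitized in some other way, still needs a manual look.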


