I was showing off a website to a friend. He took a look at it and within about 15 he was able to get my username and password for the admin login. He showed me. I was humbled by his skill, kinda embarrassed, and also impressed at the same time.

I came to the conclusion I really need to learn how to pentest my own web apps and be able to write good defensive code. Where should I start? What are some good vulnerability scanners for newbs?

I recently started working as an SEO manager for a design firm. I don't really do a lot of the actual coding right now. Mostly I do content writing and link building. So pentesting is really beyond the scope of my job. But I think it would be good for everyone involved if we could produce more secure web apps. That and this hacking stuff is really starting to grow on me and I'm pretty curious.

What are some good tools for scanning websites for potential security issues? What comes with Kali?

Scan for SQL Injection, XSS, and access control bypass?

Any suggestions would be awesome.

Thanks in advance.