Site vulnerability findings that require immediate attention and correction are categorized into 4 types:
Manual - Vulnerabilities found during a manual review, which cannot be detected by scanners. Common vulnerabilities of this type include Stored Cross-Site Scripting (XSS), Broken Access Control, Broken Authentication and Session Management, logical security flaws, Personally Identifiable Information (PII) disclosure such as possible username or password disclosure, directory path disclosures such as error page path disclosure, or ASP.NET debugging being enabled.
High - Vulnerabilities categorized as the most dangerous, which put a site at maximum risk of hacking and data theft, such as SQL Injection and Cross-Site Scripting (XSS).
Medium - Vulnerabilities caused by server misconfiguration and site-coding flaws, which facilitate server disruption and intrusion, such as Unencrypted ViewState, Directory Listing, Open Redirection, and Source Code disclosure.
Low - Vulnerabilities that are only locally exploitable and do not result in a permanent compromise of the attacked website, such as the TRACE method being enabled, a cookie without the HttpOnly flag set, or a frameable response (potential Clickjacking).
Informational - Vulnerabilities that disclose information which could facilitate more severe attacks, such as E-mail Address Disclosure, Private IP Address Disclosure, and a Robots.txt file.
Acunetix Web Vulnerability Scanners:
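The Low and Informational checks named above are the kind a scanner automates. The following is an added Python example (not code from this post, from Acunetix, or from Fiddler) that runs those checks over a constructed HTTP response and labels each finding with the severity categories used here; the response data, regexes and function names are assumptions.

```python
import re

# Constructed sample HTTP response (not a real scan result) containing several
# of the Low / Informational weaknesses described above.
SAMPLE_RESPONSE = {
    "allow": "GET, POST, TRACE",
    "set-cookie": ["sessionid=abc123; Path=/", "theme=dark; Path=/; HttpOnly"],
    "headers": {"Server": "Microsoft-IIS/8.5", "Content-Type": "text/html"},
    "body": "<html>Contact admin@example.internal. Backend host: 10.0.0.5</html>",
}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# RFC 1918 private ranges: 10/8, 172.16/12, 192.168/16
PRIVATE_IP_RE = re.compile(
    r"\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}"
    r"|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}"
    r"|192\.168\.\d{1,3}\.\d{1,3})\b"
)

def classify_response(resp):
    """Return (severity, description) findings using the categories above."""
    findings = []
    allowed = {m.strip().upper() for m in resp.get("allow", "").split(",")}
    if "TRACE" in allowed:
        findings.append(("Low", "TRACE method is enabled"))
    for cookie in resp.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        if "httponly" not in attrs:
            findings.append(("Low", f"Cookie without HttpOnly flag set: {name}"))
    headers = {k.lower(): v for k, v in resp.get("headers", {}).items()}
    csp = headers.get("content-security-policy", "").lower()
    # Neither X-Frame-Options nor a CSP frame-ancestors directive: page can be framed
    if "x-frame-options" not in headers and "frame-ancestors" not in csp:
        findings.append(("Low", "Frameable response (potential Clickjacking)"))
    body = resp.get("body", "")
    for email in sorted(set(EMAIL_RE.findall(body))):
        findings.append(("Informational", f"E-mail Address Disclosure: {email}"))
    for ip in sorted(set(PRIVATE_IP_RE.findall(body))):
        findings.append(("Informational", f"Private IP Address Disclosure: {ip}"))
    return findings

def summarize(findings):
    """Count findings per severity so a report can be triaged by category."""
    counts = {}
    for severity, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts

if __name__ == "__main__":
    for severity, desc in classify_response(SAMPLE_RESPONSE):
        print(f"[{severity}] {desc}")
    print(summarize(classify_response(SAMPLE_RESPONSE)))
```

Remediation for each Low finding is a server setting (disable TRACE, add HttpOnly, send X-Frame-Options or a CSP frame-ancestors directive), while the Informational ones call for removing the disclosed data from the page.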
- https://www.acunetix.com/
- http://www.telerik.com/fiddler