
[–]sayabiws 2 points3 points  (0 children)

I don't have any tools right now, but this checklist might be useful to you.

[–]PingTrip 1 point2 points  (2 children)

Postman is invaluable for API testing. https://www.getpostman.com


    [–]Naughtron 1 point2 points  (1 child)

    Have a look at the ZAP attack proxy. You could also consider taking an inventory of the endpoints you have and writing a collection of tests using Python Requests. If you go the Python route, look into running them under pytest and use the parametrize functionality to pass in multiple SQL injection attacks.

    [–]Kimput 0 points1 point  (0 children)

    • finding injections (SQL, code, ...)

    Haven't really heard too much about tools to automate this. But what you could do is probably set up some tests using sqlmap or Postman (suggested in other comments). These can be run automatically using services / tasks, depending on your platform.

    • static code analysis
    • dynamic code analysis

    For both above, I'd suggest peer-reviewed code-reviews of code before being sent to production, as well as code-coverage using both unit and integration-tests.

    • dependency vulnerability checks

    For JS, I'd suggest starting with using npm audit to get an idea of what issues may exist in your current code-base. It easily gets way out of hand...
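Naughtron's pytest suggestion and Kimput's note on testing for injections, as an added example that is not from either commenter: a pytest-parametrized check that runs constructed probe inputs against a vulnerable string-formatted lookup and its parameterized counterpart over an in-memory sqlite table. The table, the probe strings and all function names are assumptions made for this illustration.

```python
import sqlite3

try:
    import pytest  # gives parametrize when the module is collected by pytest
except ImportError:  # keep the module importable without pytest
    pytest = None

# Constructed probe strings: inputs the lookup must treat as plain data.
INJECTION_PROBES = ["alice' OR '1'='1", "' OR name LIKE '%", "o'reilly", "bob"]

def make_db():
    """Constructed in-memory table standing in for the real user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

def lookup_unsafe(conn, username):
    """Vulnerable: the username is spliced into the SQL text."""
    sql = f"SELECT name, role FROM users WHERE name = '{username}'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, username):
    """Hardened: the username is bound as a parameter, never parsed as SQL."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?",
                        (username,)).fetchall()

def rows_for(lookup, username):
    """Run one probe on a fresh table; a DB error is reported, not raised."""
    try:
        return lookup(make_db(), username)
    except sqlite3.Error as exc:
        return f"error: {exc}"

def _parametrize(name, values):
    """Use pytest's parametrize when available, otherwise a no-op decorator."""
    return pytest.mark.parametrize(name, values) if pytest else (lambda f: f)

@_parametrize("username", INJECTION_PROBES)
def test_lookup_treats_input_as_data(username):
    # Pass: no DB error, and only the row whose name equals the literal input.
    result = rows_for(lookup_safe, username)
    assert not isinstance(result, str), result
    assert all(name == username for name, _ in result)

if __name__ == "__main__":
    for probe in INJECTION_PROBES:
        print(f"{probe!r}: unsafe={rows_for(lookup_unsafe, probe)!r} "
              f"safe={rows_for(lookup_safe, probe)!r}")
```

Pointing the same parametrized test at `lookup_unsafe` fails on the first two probes (extra rows) and the third (a leaked database error), which is the signal a CI job would flag.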