I ran Wapiti on my webserver. I dumped the database before and after, deleted the last line, which is the timestamp, and found both files gave me the same hash value, so I know the database hasn't been changed.
But according to the report I failed a number of tests. And this is the data in the info:
500 HTTP Error code.
Internal Server Error. The server encountered an unexpected condition which prevented it from fulfilling the request.
* World Wide Web Consortium: HTTP/1.1 Status Code Definitions
* Wikipedia: List of HTTP status codes
It appears each and every one of these is caused by ill-formed strings that ASP.NET does not like (note I use a Debian machine with xsp to host. It works well).
Should I not care what the generated reports say? Should I only check if anything was changed or anything was corrupted by manually looking through the pages?
| | SQL Injection (1) | Blind SQL Injection (2) | File Handling (3) | Cross Site Scripting (4) | CRLF (5) | Commands execution (6) | Resource consumption (7) | Htaccess Bypass (8) | Backup file (9) | Potentially dangerous file (10) |
|---|---|---|---|---|---|---|---|---|---|---|
| High | 14 | 14 | 13 | 0 | 0 | 14 | 0 | 0 | 0 | 0 |
| Medium | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Low | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
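
The before/after dump comparison described in the question, as an added example (not code from the original post): it drops the trailing timestamp line from each dump, hashes the rest, and lists any lines that differ. The dump text is constructed, and the function names and the assumption that the timestamp is the last non-empty line are illustrative.

```python
import difflib
import hashlib

def normalize(dump_text):
    """Return the dump's lines without the trailing timestamp line.
    Assumption: the timestamp is the last non-empty line of the dump."""
    lines = dump_text.splitlines()
    while lines and not lines[-1].strip():
        lines.pop()                      # ignore blank lines at the end
    return lines[:-1]

def digest(lines):
    """SHA-256 over the normalized dump content."""
    return hashlib.sha256("\n".join(lines).encode("utf-8")).hexdigest()

def compare_dumps(before_text, after_text):
    """Return (identical, changes); changes is a list of (sign, line)."""
    before, after = normalize(before_text), normalize(after_text)
    identical = digest(before) == digest(after)
    changes = []
    matcher = difflib.SequenceMatcher(a=before, b=after, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            changes += [("-", line) for line in before[i1:i2]]
            changes += [("+", line) for line in after[j1:j2]]
    # Identical digests show that no stored data changed between the two
    # dumps. They say nothing about whether a request read data, or about
    # why the scanner's requests returned HTTP 500.
    return identical, changes

# Constructed sample dumps (not from the original post).
BEFORE = """CREATE TABLE users (id INT, name TEXT);
INSERT INTO users VALUES (1,'alice');
-- Dump completed on 2000-01-01 10:00:00
"""
AFTER_CLEAN = BEFORE.replace("10:00:00", "11:30:00")
AFTER_CHANGED = """CREATE TABLE users (id INT, name TEXT);
INSERT INTO users VALUES (1,'alice');
INSERT INTO users VALUES (2,'scanner-test');
-- Dump completed on 2000-01-01 11:30:00
"""

if __name__ == "__main__":
    for label, after in (("clean", AFTER_CLEAN), ("changed", AFTER_CHANGED)):
        identical, changes = compare_dumps(BEFORE, after)
        print(label, "identical" if identical else "DIFFERENT", changes)
```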