This chapter covers the main vulnerabilities in web applications and the tools we can find in the python ecosystem, such as w3af as a vulnerabilities scanner in web applications, and sqlmap for detecting sql vulnerabilities. Regarding server vulnerabilities, we cover testing heartbleed and SSL vulnerabiliies in servers with openssl activated.

The following topics will be covered in this chapter:

• Vulnerabilities in web applications with OWASP
• w3af as a vulnerabilities scanner in web applications
• How to discover sql vulnerabilities with python tools
• Python script for testing heartbleed and SSL/TLS vulnerabilities