
8 Useful And Free Web Application Security Testing Tools

mickelfeng
Published 2014/01/15 23:38


As websites become more interactive and complex, it has become necessary for website owners to ensure the security of their sites. For this reason, a number of free web-based tools and applications are available on the net. One cannot be sure that a website is safe without running security tests, so these web-based applications and security testing tools are valuable.

In this roundup, we have gathered some free web application security testing tools for you. These tools help you run security tests and identify possible security loopholes. So, take a look at this compilation and make your website safe from security threats. Feel free to share your opinion with us via the comment section below.

Wapiti

Wapiti allows you to audit the security of your web applications. It performs “black-box” scans, i.e. it does not study the source code of the application but it will scan the webpages of the deployed webapp, looking for scripts and forms where it can inject data.

Netsparker Community Edition

Netsparker Community Edition is a SQL Injection Scanner. It’s a free edition of our web vulnerability scanner for the community so you can start securing your website now. It’s user friendly, fast, smart and as always False-Positive-Free.

N-Stalker Free Version

N-Stalker Web Application Security Scanner 2012 Free Edition provides a restricted set of free Web Security Assessment checks to enhance the overall security of your web server infrastructure, using the most complete web attack signature database available in the market – “N-Stealth Web Attack Signature Database”.

Websecurify

Websecurify is an advanced testing solution built to quickly and accurately identify web application security issues.

Skipfish

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

Exploit-Me

Exploit-Me is a suite of Firefox web application security testing tools designed to be lightweight and easy to use. The Exploit-Me series was originally introduced at the SecTor conference in Toronto. The slides for the presentation are available for download. Along with this, SecTor is making the audio of the talk available.

OWASP WebScarab Project

WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser.

x5s

x5s is a Fiddler addon which aims to assist penetration testers in finding cross-site scripting vulnerabilities. This is not a point-and-shoot tool: it requires some understanding of how encoding issues lead to XSS, and it requires manual driving. See the Quickstart Tutorial to jump right in, but be ready to do a little work.



This article is reposted from: http://www.smashingapps.com/2012/06/05/8-useful-and-free-web-application-security-testing-tools.html
