- Security Testing Tutorial
- Security Testing - Home
- Security Testing - Overview
- Security Testing - Process
- Security Testing - Malicious Software
- HTTP Protocol Basics
- HTTPS Protocol Basics
- Encoding and Decoding
- Security Testing - Cryptography
- Security Testing - Same Origin Policy
- Security Testing - Cookies
- Hacking Web Applications
- Security Testing - Injection
- Testing Broken Authentication
- Testing Cross Site Scripting
- Insecure Direct Object Reference
- Testing Security Misconfiguration
- Testing Sensitive Data Exposure
- Missing Function Level Access Control
- Cross Site Request Forgery
- Components with Vulnerabilities
- Unvalidated Redirects and Forwards
- Security Testing - Ajax Security
- Testing Security - Web Service
- Security Testing - Buffer Overflows
- Security Testing - Denial of Service
- Testing Malicious File Execution
- Security Testing - Automation Tools
- Security Testing Useful Resources
- Security Testing - Quick Guide
- Security Testing - Useful Resources
- Security Testing - Discussion
Security Testing - Automation Tools
There are various tools available to perform security testing of an application. There are few tools that can perform end-to-end security testing while some are dedicated to spot a particular type of flaw in the system.
Open Source Tools
Some open source security testing tools are as given −
S.No. | Tool Name |
---|---|
1 | Zed Attack Proxy Provides Automated Scanners and other tools for spotting security flaws. |
2 | OWASP WebScarab Developed in Java for Analysing Http and Https requests. |
3 | OWASP Mantra Supports multi-lingual security testing framework https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework |
4 | Burp Proxy Tool for Intercepting & Modyfying traffic and works with work with custom SSL certificates. |
5 | Firefox Tamper Data Use tamperdata to view and modify HTTP/HTTPS headers and post parameters |
6 | Firefox Web Developer Tools The Web Developer extension adds various web developer tools to the browser. |
7 | Cookie Editor Lets user to add, delete, edit, search, protect and block cookies |
Specific Tool Sets
The following tools can help us spot a particular type of vulnerability in the system −
S.No. | Link |
---|---|
1 | OWASP SQLiX − SQL Injection |
2 | Sqlninja − SQL Injection |
3 | SQLInjector − SQL Injection |
4 | sqlpowerinjector − SQL Injection |
5 | SSL Digger − Testing SSL |
6 | THC-Hydra − Brute Force Password |
7 | Brutus − Brute Force Password https://www.hackercoolmagazine.com/brutus-password-cracker-complete-guide/ |
8 | Ncat − Brute Force Password |
9 | OllyDbg − Testing Buffer Overflow |
10 | Metasploit − Testing Buffer Overflow |
Commercial Black Box Testing tools
Here are some of the commercial black box testing tools that help us spot security issues in the applications that we develop.
S.No | Tool |
---|---|
1 | NGSSQuirreL |
2 | IBM AppScan |
3 | Acunetix Web Vulnerability Scanner |
4 | NTOSpider |
5 | SOAP UI |
6 | Netsparker |
7 | HP WebInspect |
Free Source Code Analyzers
S.No | Tool |
---|---|
1 | OWASP Orizon |
2 | SearchDiggity |
3 | FXCOP |
4 | Splint |
5 | Boon |
6 | W3af |
7 | FlawFinder |
8 | FindBugs |
Commercial Source Code Analyzers
These analyzers examine, detect, and report the weaknesses in the source code, which are prone to vulnerabilities −
S.No | Tool |
---|---|
1 | Parasoft C/C++ test |
2 | HP Fortify |
3 | Appscan |
4 | Veracode |
5 | Armorize CodeSecure |
6 | GrammaTech |