- Security Testing Tutorial
- Security Testing - Home
- Security Testing - Overview
- Security Testing - Process
- Security Testing - Malicious Software
- HTTP Protocol Basics
- HTTPS Protocol Basics
- Encoding and Decoding
- Security Testing - Cryptography
- Security Testing - Same Origin Policy
- Security Testing - Cookies
- Hacking Web Applications
- Security Testing - Injection
- Testing Broken Authentication
- Testing Cross Site Scripting
- Insecure Direct Object Reference
- Testing Security Misconfiguration
- Testing Sensitive Data Exposure
- Missing Function Level Access Control
- Cross Site Request Forgery
- Components with Vulnerabilities
- Unvalidated Redirects and Forwards
- Security Testing - Ajax Security
- Testing Security - Web Service
- Security Testing - Buffer Overflows
- Security Testing - Denial of Service
- Testing Malicious File Execution
- Security Testing - Automation Tools
- Security Testing Useful Resources
- Security Testing - Quick Guide
- Security Testing - Useful Resources
- Security Testing - Discussion
Security Testing - Automation Tools
There are various tools available to perform security testing of an application. There are few tools that can perform end-to-end security testing while some are dedicated to spot a particular type of flaw in the system.
Open Source Tools
Some open source security testing tools are as given −
| S.No. | Tool Name |
|---|---|
| 1 | Zed Attack Proxy Provides Automated Scanners and other tools for spotting security flaws. |
| 2 | OWASP WebScarab Developed in Java for Analysing Http and Https requests. |
| 3 | OWASP Mantra Supports multi-lingual security testing framework https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework |
| 4 | Burp Proxy Tool for Intercepting & Modyfying traffic and works with work with custom SSL certificates. |
| 5 | Firefox Tamper Data Use tamperdata to view and modify HTTP/HTTPS headers and post parameters |
| 6 | Firefox Web Developer Tools The Web Developer extension adds various web developer tools to the browser. |
| 7 | Cookie Editor Lets user to add, delete, edit, search, protect and block cookies |
Specific Tool Sets
The following tools can help us spot a particular type of vulnerability in the system −
| S.No. | Link |
|---|---|
| 1 | OWASP SQLiX − SQL Injection |
| 2 | Sqlninja − SQL Injection |
| 3 | SQLInjector − SQL Injection |
| 4 | sqlpowerinjector − SQL Injection |
| 5 | SSL Digger − Testing SSL |
| 6 | THC-Hydra − Brute Force Password |
| 7 | Brutus − Brute Force Password https://www.hackercoolmagazine.com/brutus-password-cracker-complete-guide/ |
| 8 | Ncat − Brute Force Password |
| 9 | OllyDbg − Testing Buffer Overflow |
| 10 | Metasploit − Testing Buffer Overflow |
Commercial Black Box Testing tools
Here are some of the commercial black box testing tools that help us spot security issues in the applications that we develop.
| S.No | Tool |
|---|---|
| 1 | NGSSQuirreL |
| 2 | IBM AppScan |
| 3 | Acunetix Web Vulnerability Scanner |
| 4 | NTOSpider |
| 5 | SOAP UI |
| 6 | Netsparker |
| 7 | HP WebInspect |
Free Source Code Analyzers
| S.No | Tool |
|---|---|
| 1 | OWASP Orizon |
| 2 | SearchDiggity |
| 3 | FXCOP |
| 4 | Splint |
| 5 | Boon |
| 6 | W3af |
| 7 | FlawFinder |
| 8 | FindBugs |
Commercial Source Code Analyzers
These analyzers examine, detect, and report the weaknesses in the source code, which are prone to vulnerabilities −
| S.No | Tool |
|---|---|
| 1 | Parasoft C/C++ test |
| 2 | HP Fortify |
| 3 | Appscan |
| 4 | Veracode |
| 5 | Armorize CodeSecure |
| 6 | GrammaTech |