Web Site Security Testing Tools
Most viruses reach a system through applications downloaded from the internet. A virus can corrupt the system and the applications installed on it. We cannot stop using applications available on the internet, so the best approach is to use those applications securely, with the help of website security testing tools.
AppSpider is a Windows-based web application security tool which provides full security to web applications/services, mobile applications, and rich internet applications (RIAs). It fully scans your application in much less time and provides full security to the system at very low cost.
Features of AppSpider are as follows:
- Conducts deeper analysis, with interactive reports
- Quick re-play of the web attacks
- Categorizes applications for easy reporting
Learn More: https://www.rapid7.com/products/appspider/
Brakeman
Brakeman is an open source vulnerability scanner designed for Ruby on Rails applications. Brakeman examines the source code of the application and produces a report of all security issues found in the application code.
Brakeman is available for Jenkins/Hudson and works on Rails 2.x, 3.x and 4.x. It statically analyzes Rails application code to find security issues, at any stage of development.
Learn More: http://brakemanscanner.org/
SiteDigger specializes in examining Google’s cache for errors, configuration problems, and interesting security nuggets on web sites. SiteDigger provides results in real time.
SiteDigger provides an improved user interface, signature update, and results page, for better understanding. A Google API license key is not required to use this tool. SiteDigger can save signature selections and offers a configurable result set. It runs on all Windows versions with Microsoft .NET Framework v3.5 installed.
Learn More: http://www.mcafee.com/in/downloads/free-tools/sitedigger.aspx
Features of Netsparker are as follows:
- It is easy to use
- Full HTML5 support
- Web services scanning
- Vulnerability details
Learn More: https://www.netsparker.com/
NMap is a cross-platform web security scanner, written by Gordon Lyon, used to discover hosts and services on a computer network. NMap sends specially crafted packets to the target host and then analyzes the responses. NMap runs on all major computer operating systems.
Features of NMap are as follows:
- NMap is flexible
- NMap is powerful enough to scan huge networks
- Major computer operating systems are supported
Learn More: https://nmap.org/
OWASP was started in 2001, by Mark Curphey. OWASP stands for “Open Web Application Security Project” which is an online community that offers freely available articles, methodologies, documentation, and tools in the field of web application security.
OWASP is a worldwide not-for-profit charitable organization focused on improving the security of an application.
Learn More: https://www.owasp.org/index.php/Main_Page
Wapiti
Wapiti is a vulnerability scanner for web applications. Wapiti performs a black-box scan: it does not study the code of the application but scans the web pages of the deployed web application. Wapiti can detect XSS injections, SQL and XPath injections, file inclusions, command execution, XXE injections, and CRLF injections.
Features of Wapiti are as follows:
- Supports HTTP and HTTPS proxies
- Imports the cookies
- Extracts URLs from flash SWF files
- Possibility to set the first URLs to explore
- Can activate/deactivate SSL certificates verification
Learn More: http://wapiti.sourceforge.net/
Scrawlr is short for SQL Injector and Crawler, a tool developed by the HP Web Security Research Group in coordination with the Microsoft Security Response Center. Scrawlr is free software for scanning for SQL injection vulnerabilities in your web application.
Learn More: http://community.hpe.com/t5/Protect-Your-Assets/Finding-SQL-Injection-with-Scrawlr/ba-p/2408262#.V4OB974XXOA
Features of Vega are as follows:
- Vega has a well designed GUI
- Vega can run on Linux, Mac, and Windows
Learn More: https://subgraph.com/vega/
Iron Wasp
Iron Wasp stands for “Iron Web Application Advanced Security Testing Platform”, which is an open source system for web application vulnerability testing. It is a powerful GUI-based scanning tool that can check for over 25 kinds of web vulnerabilities. It is built on Python and Ruby, and can generate HTML and RTF reports.
Features of Iron Wasp are as follows:
- It’s free and open source
- Easy to use with a GUI based design
- Powerful and effective scanning engine
- Supports recording login sequence
- False Positive/Negative detection support
- Reporting in both HTML and RTF formats