By AQ Nizam on June 5, 2012

8 Useful And Free Web Application Security Testing Tools


With the development of more and more interactive and complex websites, it has become necessary for website owners to ensure the security of their websites. For this reason, a number of free web-based tools and applications are available on the net. One cannot ensure that a website is completely safe without running security tests, so web-based applications and security testing tools of this kind are valuable.

In this roundup, we have gathered some free web application security testing tools for you. These tools help you run security tests and identify possible security loopholes. So, take a look at this compilation and make your website safe from security threats. Feel free to share your opinion with us via the comment section below.

Wapiti

Wapiti allows you to audit the security of your web applications. It performs “black-box” scans, i.e. it does not study the source code of the application but it will scan the webpages of the deployed webapp, looking for scripts and forms where it can inject data.

Netsparker Community Edition

Netsparker Community Edition is a SQL injection scanner. It is a free edition of the vendor's web vulnerability scanner, offered to the community so you can start securing your website now. The vendor describes it as user friendly, fast, smart and, as always, false-positive-free.

N-Stalker Free Version

N-Stalker Web Application Security Scanner 2012 Free Edition provides a restricted set of free Web Security Assessment checks to enhance the overall security of your web server infrastructure, using the most complete web attack signature database available in the market – “N-Stealth Web Attack Signature Database”.

Websecurify

Websecurify is an advanced testing solution built to quickly and accurately identify web application security issues.

Skipfish

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

Exploit-Me

Exploit-Me is a suite of Firefox web application security testing tools designed to be lightweight and easy to use. The Exploit-Me series was originally introduced at the SecTor conference in Toronto. The slides for the presentation are available for download. Along with this, SecTor is making the audio of the talk available.

OWASP WebScarab Project

WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser.

X5s

x5s is a Fiddler add-on which aims to assist penetration testers in finding cross-site scripting vulnerabilities. This is not a point-and-shoot tool: it requires some understanding of how encoding issues lead to XSS, and it requires manual driving. See the Quickstart Tutorial to jump right in, but be ready to do a little work.






Comments


Nice collection, but one more thing I want to ask: I have developed a web application in PHP, can I use one of these tools to check the security crisis??

You’ve missed out the flagship OWASP pentesting tool – the OWASP Zed Attack Proxy (ZAP) – https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Free, open source, cross platform and being very actively maintained.

Psiinon – ZAP Project Lead


Thank you very much for the information.

