Difference between revisions of "Appendix A: Testing Tools"
(→Black Box Scanners) |
(→Black Box Testing) |
||
| Line 41: | Line 41: | ||
|} | |} | ||
| − | ==Black Box Testing== | + | ==Black Box Testing tools== |
===Open Source=== | ===Open Source=== | ||
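Review bot: the renamed heading `==Black Box Testing tools==` leaves "tools" in lowercase while the subheading directly under it, `===Open Source===`, is title case. Suggest `==Black Box Testing Tools==` so the heading levels stay consistent.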
| Line 53: | Line 53: | ||
|- | |- | ||
|| Paros || <u>http://www.proofsecure.com</u> | || Paros || <u>http://www.proofsecure.com</u> | ||
| + | |- | ||
| + | || Burp Proxy || <u>http://www.portswigger.net</u> | ||
|- | |- | ||
|} | |} | ||
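Review bot: the added `Burp Proxy` row goes into the table under the `===Open Source===` subheading, but Burp is distributed as a free closed-source tool rather than as open source. Either rename that subheading to "Open Source / Freeware", as the Source Code Analyzers section of this page already does, or list the row in a table whose heading fits it.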
| Line 65: | Line 67: | ||
|| WebSleuth || <u>http://www.sandsprite.com</u> | || WebSleuth || <u>http://www.sandsprite.com</u> | ||
|- | |- | ||
| − | || SPI Dynamics || <u>http://www.spidynamics.com</u> | + | || SPI Dynamics WebInspect || <u>http://www.spidynamics.com</u> |
| + | |- | ||
| + | || Watchfire AppScan || <u>http://www.watchfire.com</u> | ||
| + | |- | ||
| + | || || <u>http://</u> | ||
|- | |- | ||
| + | |||
|} | |} | ||
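Review bot: the last added row, `|| || <u>http://</u>`, has an empty name cell and a bare `http://` with no host, and it is followed by an added blank line before `|}`, so the published table ends in an empty entry. Drop both lines and add the row only once there is a tool name and URL to put in it.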
Revision as of 12:51, 20 October 2006
Source Code Analyzers
Open Source / Freeware
| Analyzer | URL |
| RATS | http://www.securesoftware.com |
| FlawFinder | http://www.dwheeler.com/flawfinder |
| Microsoft’s FxCop | http://www.gotdotnet.com/team/fxcop |
| Splint | http://splint.org/ |
| Boon | http://www.cs.berkeley.edu/~daw/boon/ |
| Pscan | http://www.striker.ottawa.on.ca/~aland/pscan/ |
Commercial
| Analyzer | URL |
| Fortify | http://www.fortifysoftware.com |
| Ounce Labs Prexis | http://www.ouncelabs.com |
| GrammaTech | http://www.grammatech.com |
| ParaSoft | http://www.parasoft.com |
| ITS4 | http://www.cigital.com/its4/ |
| CodeWizard | http://www.parasoft.com/products/wizard/ |
Black Box Testing tools
Open Source
| Scanner | URL |
| WebScarab | http://www.owasp.org |
| SPIKE | http://www.immunitysec.com |
| Paros | http://www.proofsecure.com |
| Burp Proxy | http://www.portswigger.net |
Commercial
| Scanner | URL |
| ScanDo | http://www.kavado.com |
| WebSleuth | http://www.sandsprite.com |
| SPI Dynamics WebInspect | http://www.spidynamics.com |
| Watchfire AppScan | http://www.watchfire.com |
| | http:// |
Other Tools
Runtime Analysis
| Analyzer | URL |
| Rational PurifyPlus | http://www-306.ibm.com/software/awdtools |
Binary Analysis
| Analyzer | URL |
| BugScam | http://sourceforge.net/projects/bugscam |
| BugScan | http://www.hbgary.com |
Requirements Management
| Manager | URL |
| Rational Requisite Pro | http://www-306.ibm.com/software/awdtools/reqpro |