This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Appendix A: Testing Tools"

From OWASP
Jump to: navigation, search
(Commercial)
Line 23: Line 23:
 
|}
 
|}
  
===Commercial===
+
===Commercial Analyzer===
 +
 
 +
* Fortify - http://www.fortifysoftware.com
 +
* Ounce labs Prexis - http://www.ouncelabs.com
 +
* GrammaTech - http://www.grammatech.com
 +
* ParaSoft - http://www.parasoft.com
 +
* ITS4 - http://www.cigital.com/its4
 +
* CodeWizard - http://www.parasoft.com/products/wizard
  
{| border=1
 
|| Analyzer || URL
 
|-
 
|| Fortify || <u>http://www.fortifysoftware.com</u>
 
|-
 
|| Ounce labs Prexis || <u>http://www.ouncelabs.com</u>
 
|-
 
|| GrammaTech || <u>http://www.grammatech.com</u>
 
|-
 
|| ParaSoft || <u>http://www.parasoft.com</u>
 
|-
 
|| ITS4 || <u>http://www.cigital.com/its4/</u>
 
|-
 
|| CodeWizard || <u>http://www.parasoft.com/products/wizard/</u>
 
|-
 
|}
 
  
 
==Black Box Testing tools==
 
==Black Box Testing tools==
Line 46: Line 37:
 
===Open Source===
 
===Open Source===
  
== OWASP WebScarab ==
+
=== OWASP WebScarab ===
  
== OWASP CAL9000==
+
=== OWASP CAL9000===
  
== OWASP Pantera ==
+
=== OWASP Pantera ===
  
 
* SPIKE - http://www.immunitysec.com
 
* SPIKE - http://www.immunitysec.com
Line 93: Line 84:
 
===Runtime Analysis===
 
===Runtime Analysis===
  
{| border=1
+
* Rational PurifyPlus - http://www-306.ibm.com/software/awdtools
  || '''Analyzer''' || '''URL'''
 
|-
 
|| Rational PurifyPlus || <u>http://www-306.ibm.com/software/awdtools</u>
 
|-
 
|}
 
  
 
===Binary Analysis===
 
===Binary Analysis===
  
{| border=1
+
* BugScam - http://sourceforge.net/projects/bugscam
|| '''Analyzer''' || '''URL'''
+
* BugScan - http://www.hbgary.com
|-
+
 
|| BugScam || <u>http://sourceforge.net/projects/bugscam</u>
 
|-
 
|| BugScan || <u>http://www.hbgary.com</u>
 
|-
 
|}
 
  
 
===Requirements Management===
 
===Requirements Management===
  
{| border=1
+
* Rational Requisite Pro - http://www-306.ibm.com/software/awdtools/reqpro
|| '''Manager''' || ''''''URL''''''
+
 
|-
+
 
|| Rational Requisite Pro || <u><u>http://www-306.ibm.com/software/awdtools/reqpro</u></u>
+
 
|-
 
|}
 
 
{{Category:OWASP Testing Project AoC}}
 
{{Category:OWASP Testing Project AoC}}

Revision as of 18:19, 18 November 2006

[Up]
OWASP Testing Guide v2 Table of Contents

Source Code Analyzers

Open Source / Freeware

Analyzer URL
RATS http://www.securesoftware.com
FlawFinder http://www.dwheeler.com/flawfinder
Microsoft’s FXCop http://www.gotdotnet.com/team/fxcop
Split http://splint.org/
Boon http://www.cs.berkeley.edu/~daw/boon/
Pscan http://www.striker.ottawa.on.ca/~aland/pscan/

Commercial Analyzer


Black Box Testing tools

Open Source

OWASP WebScarab

OWASP CAL9000

OWASP Pantera

  • SPIKE - http://www.immunitysec.com
  • Paros - http://www.proofsecure.com
  • Burp Proxy - http://www.portswigger.net
  • SQLmap
  • Achilles Proxy
  • Odysseus Proxy
  • Webstretch Proxy
  • Absinthe 1.1 (formerly SQLSqueal)
  • NGS SQL Injection Inference Tool (BH Europe 2005)
  • Internet Explorer HTMLBar Plugin
  • Firefox LiveHTTPHeaders and Developer Tools
  • Sensepost Wikto (Google cached fault-finding)
  • Foundstone Sitedigger (Google cached fault-finding)

Commercial

  • ScanDo - http://www.kavado.com
  • WebSleuth - http://www.sandsprite.com
  • SPI Dynamics WebInspect - http://www.spidynamics.com
  • Watchfire AppScan - http://www.watchfire.com
  • AppSecInc AppDetective for Web Apps
  • Cenzic Hailstorm
  • NT Objectives NTOSpider
  • Acunetix Web Vulnerability Scanner 2
  • Compuware DevPartner Fault Simulator
  • Fortify Pen Testing Team Tool
  • @stake Web Proxy 2.0
  • Burp Intruder
  • Sandsprite Web Sleuth
  • MaxPatrol 7
  • Syhunt Sandcat Scanner & Miner
  • TrustSecurityConsulting HTTPExplorer
  • Ecyware BlueGreen Inspector
  • NGS Typhon
  • Parasoft WebKing (more QA-type tool)

Other Tools

Runtime Analysis

Binary Analysis


Requirements Management


OWASP Testing Guide v2

Here is the OWASP Testing Guide v2 Table of Contents

Retrieved from "https://wiki.owasp.org/index.php?title=Appendix_A:_Testing_Tools&oldid=13235"