This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Appendix A: Testing Tools
From OWASP
Source Code Analyzers
Open Source / Freeware
| Analyzer | URL |
| RATS | http://www.securesoftware.com |
| FlawFinder | http://www.dwheeler.com/flawfinder |
| Microsoft’s FXCop | http://www.gotdotnet.com/team/fxcop |
| Split | http://splint.org/ |
| Boon | http://www.cs.berkeley.edu/~daw/boon/ |
| Pscan | http://www.striker.ottawa.on.ca/~aland/pscan/ |
Commercial
| Analyzer | URL |
| Fortify | http://www.fortifysoftware.com |
| Ounce labs Prexis | http://www.ouncelabs.com |
| GrammaTech | http://www.grammatech.com |
| ParaSoft | http://www.parasoft.com |
| ITS4 | http://www.cigital.com/its4/ |
| CodeWizard | http://www.parasoft.com/products/wizard/ |
Black Box Testing tools
Open Source
| Scanner | URL |
| WebScarab | http://www.owasp.org |
| SPIKE | http://www.immunitysec.com |
| Paros | http://www.proofsecure.com |
| Burp Proxy | http://www.portswigger.net |
Commercial
| Scanner | URL |
| ScanDo | http://www.kavado.com |
| WebSleuth | http://www.sandsprite.com |
| SPI Dynamics WebInspect | http://www.spidynamics.com |
| Watchfire AppScan | http://www.watchfire.com |
| http:// |
Other Tools
Runtime Analysis
| Analyzer | URL |
| Rational PurifyPlus | http://www-306.ibm.com/software/awdtools |
Binary Analysis
| Analyzer | URL |
| BugScam | http://sourceforge.net/projects/bugscam |
| BugScan | http://www.hbgary.com |
Requirements Management
| Manager | 'URL' |
| Rational Requisite Pro | <u>http://www-306.ibm.com/software/awdtools/reqpro</u> |
OWASP Testing Guide Table of Contents
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
