This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Appendix A: Testing Tools

From OWASP
Revision as of 18:19, 5 November 2006 by Mmeucci (talk | contribs)

Jump to: navigation, search

OWASP Testing Guide v2 Table of Contents

Source Code Analyzers

Open Source / Freeware

Analyzer URL
RATS http://www.securesoftware.com
FlawFinder http://www.dwheeler.com/flawfinder
Microsoft’s FXCop http://www.gotdotnet.com/team/fxcop
Split http://splint.org/
Boon http://www.cs.berkeley.edu/~daw/boon/
Pscan http://www.striker.ottawa.on.ca/~aland/pscan/

Commercial

Analyzer URL
Fortify http://www.fortifysoftware.com
Ounce labs Prexis http://www.ouncelabs.com
GrammaTech http://www.grammatech.com
ParaSoft http://www.parasoft.com
ITS4 http://www.cigital.com/its4/
CodeWizard http://www.parasoft.com/products/wizard/

Black Box Testing tools

Open Source

Scanner URL
WebScarab http://www.owasp.org
SPIKE http://www.immunitysec.com
Paros http://www.proofsecure.com
Burp Proxy http://www.portswigger.net

SQLmap
Achilles Proxy
Odysseus Proxy
Webstretch Proxy
Absinthe 1.1 (formerly SQLSqueal)
NGS SQL Injection Inference Tool (BH Europe 2005)
Internet Explorer HTMLBar Plugin
Firefox LiveHTTPHeaders and Developer Tools
Sensepost Wikto (Google cached fault-finding)
Foundstone Sitedigger (Google cached fault-finding)

Commercial

Scanner URL
ScanDo http://www.kavado.com
WebSleuth http://www.sandsprite.com
SPI Dynamics WebInspect http://www.spidynamics.com
Watchfire AppScan http://www.watchfire.com
http://

AppSecInc AppDetective for Web Apps
Cenzic Hailstorm
NT Objectives NTOSpider
Acunetix Web Vulnerability Scanner 2
Compuware DevPartner Fault Simulator
Fortify Pen Testing Team Tool
@stake Web Proxy 2.0
Burp Intruder
Sandsprite Web Sleuth
MaxPatrol 7
Syhunt Sandcat Scanner & Miner
TrustSecurityConsulting HTTPExplorer
Ecyware BlueGreen Inspector
NGS Typhon
Parasoft WebKing (more QA-type tool)

Other Tools

Runtime Analysis

Analyzer URL
Rational PurifyPlus http://www-306.ibm.com/software/awdtools

Binary Analysis

Analyzer URL
BugScam http://sourceforge.net/projects/bugscam
BugScan http://www.hbgary.com

Requirements Management

Manager 'URL'
Rational Requisite Pro <u>http://www-306.ibm.com/software/awdtools/reqpro</u>

OWASP Testing Guide v2

Here is the OWASP Testing Guide v2 Table of Contents

Retrieved from "https://wiki.owasp.org/index.php?title=Appendix_A:_Testing_Tools&oldid=11769"