Appendix A: Testing Tools

From OWASP
Revision as of 18:12, 18 November 2006 by Mmeucci (talk | contribs) (Open Source)

Jump to: navigation, search

[Up]
OWASP Testing Guide v2 Table of Contents

Source Code Analyzers

Open Source / Freeware

Analyzer URL
RATS http://www.securesoftware.com
FlawFinder http://www.dwheeler.com/flawfinder
Microsoft’s FXCop http://www.gotdotnet.com/team/fxcop
Split http://splint.org/
Boon http://www.cs.berkeley.edu/~daw/boon/
Pscan http://www.striker.ottawa.on.ca/~aland/pscan/

Commercial

Analyzer URL
Fortify http://www.fortifysoftware.com
Ounce labs Prexis http://www.ouncelabs.com
GrammaTech http://www.grammatech.com
ParaSoft http://www.parasoft.com
ITS4 http://www.cigital.com/its4/
CodeWizard http://www.parasoft.com/products/wizard/

Black Box Testing tools

Open Source

OWASP WebScarab

OWASP CAL9000

OWASP Pantera

  • SPIKE - http://www.immunitysec.com
  • Paros - http://www.proofsecure.com
  • Burp Proxy - http://www.portswigger.net
  • SQLmap
  • Achilles Proxy
  • Odysseus Proxy
  • Webstretch Proxy
  • Absinthe 1.1 (formerly SQLSqueal)
  • NGS SQL Injection Inference Tool (BH Europe 2005)
  • Internet Explorer HTMLBar Plugin
  • Firefox LiveHTTPHeaders and Developer Tools
  • Sensepost Wikto (Google cached fault-finding)
  • Foundstone Sitedigger (Google cached fault-finding)

Commercial

Scanner URL
ScanDo http://www.kavado.com
WebSleuth http://www.sandsprite.com
SPI Dynamics WebInspect http://www.spidynamics.com
Watchfire AppScan http://www.watchfire.com
http://

AppSecInc AppDetective for Web Apps
Cenzic Hailstorm
NT Objectives NTOSpider
Acunetix Web Vulnerability Scanner 2
Compuware DevPartner Fault Simulator
Fortify Pen Testing Team Tool
@stake Web Proxy 2.0
Burp Intruder
Sandsprite Web Sleuth
MaxPatrol 7
Syhunt Sandcat Scanner & Miner
TrustSecurityConsulting HTTPExplorer
Ecyware BlueGreen Inspector
NGS Typhon
Parasoft WebKing (more QA-type tool)

Other Tools

Runtime Analysis

Analyzer URL
Rational PurifyPlus http://www-306.ibm.com/software/awdtools

Binary Analysis

Analyzer URL
BugScam http://sourceforge.net/projects/bugscam
BugScan http://www.hbgary.com

Requirements Management

Manager 'URL'
Rational Requisite Pro <u>http://www-306.ibm.com/software/awdtools/reqpro</u>

OWASP Testing Guide v2

Here is the OWASP Testing Guide v2 Table of Contents

Retrieved from "https://wiki.owasp.org/index.php?title=Appendix_A:_Testing_Tools&oldid=13233"