This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Appendix A: Testing Tools

From OWASP

Revision as of 18:15, 18 November 2006 by Mmeucci (talk | contribs) (→‎Commercial)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

[Up]
OWASP Testing Guide v2 Table of Contents

1 Source Code Analyzers
- 1.1 Open Source / Freeware
- 1.2 Commercial
2 Black Box Testing tools
- 2.1 Open Source
3 OWASP WebScarab
4 OWASP CAL9000
5 OWASP Pantera
- 5.1 Commercial
6 Other Tools

Source Code Analyzers

Open Source / Freeware

Analyzer	URL
RATS	http://www.securesoftware.com
FlawFinder	http://www.dwheeler.com/flawfinder
Microsoft’s FXCop	http://www.gotdotnet.com/team/fxcop
Split	http://splint.org/
Boon	http://www.cs.berkeley.edu/~daw/boon/
Pscan	http://www.striker.ottawa.on.ca/~aland/pscan/

Commercial

Analyzer	URL
Fortify	http://www.fortifysoftware.com
Ounce labs Prexis	http://www.ouncelabs.com
GrammaTech	http://www.grammatech.com
ParaSoft	http://www.parasoft.com
ITS4	http://www.cigital.com/its4/
CodeWizard	http://www.parasoft.com/products/wizard/

Black Box Testing tools

Open Source

OWASP WebScarab

OWASP CAL9000

OWASP Pantera

SPIKE - http://www.immunitysec.com
Paros - http://www.proofsecure.com
Burp Proxy - http://www.portswigger.net
SQLmap
Achilles Proxy
Odysseus Proxy
Webstretch Proxy
Absinthe 1.1 (formerly SQLSqueal)
NGS SQL Injection Inference Tool (BH Europe 2005)
Internet Explorer HTMLBar Plugin
Firefox LiveHTTPHeaders and Developer Tools
Sensepost Wikto (Google cached fault-finding)
Foundstone Sitedigger (Google cached fault-finding)

Commercial

ScanDo - http://www.kavado.com
WebSleuth - http://www.sandsprite.com
SPI Dynamics WebInspect - http://www.spidynamics.com
Watchfire AppScan - http://www.watchfire.com
AppSecInc AppDetective for Web Apps
Cenzic Hailstorm
NT Objectives NTOSpider
Acunetix Web Vulnerability Scanner 2
Compuware DevPartner Fault Simulator
Fortify Pen Testing Team Tool
@stake Web Proxy 2.0
Burp Intruder
Sandsprite Web Sleuth
MaxPatrol 7
Syhunt Sandcat Scanner & Miner
TrustSecurityConsulting HTTPExplorer
Ecyware BlueGreen Inspector
NGS Typhon
Parasoft WebKing (more QA-type tool)

Other Tools

Runtime Analysis

Analyzer	URL
Rational PurifyPlus	http://www-306.ibm.com/software/awdtools

Binary Analysis

Analyzer	URL
BugScam	http://sourceforge.net/projects/bugscam
BugScan	http://www.hbgary.com

Requirements Management

Manager	'URL'
Rational Requisite Pro	<u>http://www-306.ibm.com/software/awdtools/reqpro</u>

OWASP Testing Guide v2

Here is the OWASP Testing Guide v2 Table of Contents

Retrieved from "https://wiki.owasp.org/index.php?title=Appendix_A:_Testing_Tools&oldid=13234"