This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Appendix A: Testing Tools

From OWASP

Revision as of 18:36, 18 November 2006 by Mmeucci (talk | contribs) (→‎OWASP Pantera)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

[Up]
OWASP Testing Guide v2 Table of Contents

1 Black Box Testing tools
2 Source Code Analyzers
- 2.1 Open Source / Freeware
- 2.2 Commercial
3 Other Tools

Black Box Testing tools

Open Source

OWASP WebScarab

OWASP CAL9000

OWASP Pantera

OWASP SPRAJAX - http://www.owasp.org/index.php/Category:OWASP_Sprajax_Project
OWASP SQLiX - http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project
OWASP WSFuzzer - http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project
SPIKE - http://www.immunitysec.com
Paros - http://www.proofsecure.com
Burp Proxy - http://www.portswigger.net
SQLmap
Achilles Proxy
Odysseus Proxy
Webstretch Proxy
Absinthe 1.1 (formerly SQLSqueal)
NGS SQL Injection Inference Tool (BH Europe 2005)
Internet Explorer HTMLBar Plugin
Firefox LiveHTTPHeaders and Developer Tools
Sensepost Wikto (Google cached fault-finding)
Foundstone Sitedigger (Google cached fault-finding)

Commercial

ScanDo - http://www.kavado.com
WebSleuth - http://www.sandsprite.com
SPI Dynamics WebInspect - http://www.spidynamics.com
Watchfire AppScan - http://www.watchfire.com
AppSecInc AppDetective for Web Apps
Cenzic Hailstorm
NT Objectives NTOSpider
Acunetix Web Vulnerability Scanner 2
Compuware DevPartner Fault Simulator
Fortify Pen Testing Team Tool
@stake Web Proxy 2.0
Burp Intruder
Sandsprite Web Sleuth
MaxPatrol 7
Syhunt Sandcat Scanner & Miner
TrustSecurityConsulting HTTPExplorer
Ecyware BlueGreen Inspector
NGS Typhon
Parasoft WebKing (more QA-type tool)

Source Code Analyzers

Open Source / Freeware

http://www.securesoftware.com
FlawFinder - http://www.dwheeler.com/flawfinder
Microsoft’s FXCop - http://www.gotdotnet.com/team/fxcop
Split - http://splint.org
Boon - http://www.cs.berkeley.edu/~daw/boon
Pscan - http://www.striker.ottawa.on.ca/~aland/pscan

Commercial

Fortify - http://www.fortifysoftware.com
Ounce labs Prexis - http://www.ouncelabs.com
GrammaTech - http://www.grammatech.com
ParaSoft - http://www.parasoft.com
ITS4 - http://www.cigital.com/its4
CodeWizard - http://www.parasoft.com/products/wizard

Other Tools

Runtime Analysis

Rational PurifyPlus - http://www-306.ibm.com/software/awdtools

Binary Analysis

BugScam - http://sourceforge.net/projects/bugscam
BugScan - http://www.hbgary.com

Requirements Management

Rational Requisite Pro - http://www-306.ibm.com/software/awdtools/reqpro

OWASP Testing Guide v2

Here is the OWASP Testing Guide v2 Table of Contents

Retrieved from "https://wiki.owasp.org/index.php?title=Appendix_A:_Testing_Tools&oldid=13239"