And the best thing: For the most part, you can just use your existing web browser to carry out your testing! By now pretty much everyone knows that modern web browsers come with developer tools built in. Browser developer tools can be used to scrutinize web applications from different angles, including examination of the page source and styling elements of how an application looks, all the way to taking a deep dive into what requests are being sent from your browser and how the application is responding to them. Out of the box, some browsers will allow you to go so far as to manipulate code inline. With the help of a few plugins and extensions though, you can dig deeper still, and really deliver some insights into how the application is performing from a security perspective.
The following list of products and tools provides web application security scanner functionality. Note that the tools on this list are not endorsed by the Web Application Security Consortium - any tool that provides web application security scanning functionality will be listed here. If you know of a tool that should be added to this list, please contact Brian Shura at firstname.lastname@example.org.
I'd prefer having each tool in the one section that fits it best... for example, Acunetix is in the commercial tools (which is their main tool), but they also have a free variant (for XSS only IIRC). Would it make more sense to put Websecurify in the free/open-source tools?
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface...
Andiparos is a security tool that can be used for web application security assessments. Main features:
- Smartcard support.
- BeanShell support.
- History Filter (URLs).
- Passive Scanner.
- Advanced search functionality.
Kali Linux is developed by Offensive Security as the rewrite of BackTrack and tops our list as one of the best operating systems for hacking purposes. This Debian-based OS comes with 500+ preinstalled pen testing tools and applications, giving you a well-stocked security toolbox from the start. These flexible tools are frequently updated and are offered for different platforms such as ARM and VMware. Kali Linux is also suitable for forensic work, as it comes with a live boot capability that provides a clean environment for vulnerability detection.
Samurai Web Testing Framework is essentially a live Linux environment that comes pre-configured to work as a web penetration testing platform. It contains multiple free and open source hacking tools for detecting web vulnerabilities. It is often known as the best operating system for Web Penetration Testing.