
Top 10 Website Security Testing Tools


Web Site Security Testing Tools

Most viruses reach a system through applications downloaded from the internet. A virus can corrupt the system and the applications on it. We cannot stop using applications available on the internet, so the best approach is to use them securely, with the help of website security testing tools.


AppSpider is a Windows-based web application security tool which provides full security to web applications/services, mobiles, and rich internet applications (RIAs). It fully scans your application in much less time and provides full security to the system at very low cost.

Features of AppSpider are as follows:

- Conducts deeper analysis, with interactive reports
- Quick re-play of the web attacks
- Categorizes applications for easy reporting

Learn More: https://www.rapid7.com/products/appspider/


Brakeman is an open source vulnerability scanner testing tool designed for Ruby on Rails applications. Brakeman looks into the source code of the application and produces a report of all security issues found in the application code.

Brakeman is available for Jenkins/Hudson and works on Rails 2.x, 3.x and 4.x. It statically analyzes Rails application code to find security issues, at any stage of development.

Learn More: http://brakemanscanner.org/


SiteDigger is an expert in examining Google’s cache, errors, configuration problems, and interesting security nuggets on web sites. SiteDigger provides results in real time.

SiteDigger provides an improved user interface, signature update, and results page, for better understanding. A Google API license key is not required to access this tool. SiteDigger can save signature selections and a configurable result set. It runs on any Windows OS with Microsoft .NET Framework v3.5 installed.

Learn More: http://www.mcafee.com/in/downloads/free-tools/sitedigger.aspx


Netsparker is a web application security scanner with support for both detection and exploitation of vulnerabilities (SQL injection and cross-site scripting (XSS)) and security issues, no matter which platform or technology the web application has been built on. Netsparker offers full support for AJAX and JavaScript-based applications. Netsparker is False Positive Free, which means that you won’t need a PhD in security testing to verify any vulnerability that Netsparker can find.

Features of Netsparker are as follows:

- It is easy to use
- Full HTML5 support
- Web services scanning
- Reporting
- Vulnerability details

Learn More: https://www.netsparker.com/


NMap is a cross-platform web security scanner, written by Gordon Lyon, which discovers hosts and services on a computer network. NMap sends specially crafted packets to the target host and then analyzes the responses. NMap runs on all major computer operating systems.

Features of NMap are as follows:

- NMap is flexible
- NMap is powerful enough to scan huge networks
- Major computer operating systems are supported

Learn More: https://nmap.org/


OWASP was started in 2001 by Mark Curphey. OWASP stands for “Open Web Application Security Project”, an online community that offers freely available articles, methodologies, documentation, and tools in the field of web application security.

OWASP is a worldwide not-for-profit charitable organization focused on improving the security of an application.

Learn More: https://www.owasp.org/index.php/Main_Page


Wapiti is a vulnerability scanner for web applications. Wapiti performs a black-box scan: it does not study the code of the application but scans the web pages of the deployed web application. Wapiti can detect XSS injections, SQL and XPath injections, file inclusions, command execution, XXE injections, and CRLF injections.

Features of Wapiti are as follows:

- Supports HTTP and HTTPS proxies
- Imports cookies
- Extracts URLs from Flash SWF files
- Possibility to set the first URLs to explore
- Can activate/deactivate SSL certificate verification

Learn More: http://wapiti.sourceforge.net/


Scrawlr is short for SQL Injector and Crawler, a tool developed by the HP Web Security Research Group in coordination with the Microsoft Security Response Center. Scrawlr is free software for scanning for SQL injection vulnerabilities in your web application.

Learn More: http://community.hpe.com/t5/Protect-Your-Assets/Finding-SQL-Injection-with-Scrawlr/ba-p/2408262#.V4OB974XXOA


Vega is a free and open source scanner to test the security of a web application. Vega can help you find SQL injection, header injection, directory listing, shell injection, cross-site scripting, file inclusion, and other web application vulnerabilities. Vega can be extended using a powerful API in the language of the web: JavaScript.

Features of Vega are as follows:

- Vega has a well designed GUI
- Vega can run on Linux, Mac, and Windows
- Extensible due to JavaScript

Learn More: https://subgraph.com/vega/

Iron Wasp

Iron Wasp stands for “Iron Web Application Advanced Security Testing Platform”, an open source system for web application vulnerability testing. It is a powerful GUI-based scanning tool that can check over 25 kinds of web vulnerabilities. It is built on Python and Ruby, and can generate HTML and RTF reports.

Features of Iron Wasp are as follows:

- It’s free and open source
- Easy to use with a GUI based design
- Powerful and effective scanning engine
- Supports recording login sequence
- False Positive/Negative detection support
- Reporting in both HTML and RTF formats
