Today, website security is a must. The number of hackers and spammers grows every day, and website security is a major concern as well as a challenge for companies.
In this article, I will list some of the tools for developers that can be used to help test and secure a website.
AppSpider
AppSpider is a Windows-based web security testing tool which covers web applications and services, mobile applications, and rich internet applications (RIAs). It fully scans your application in much less time and secures the system at a very low cost.
Features of AppSpider are as follows:
- Conducts deeper analysis, with interactive reports
- Quick re-play of the web attacks
- Categorizes applications for easy reporting
Learn More: https://www.rapid7.com/products/appspider/
Brakeman
Brakeman is an open source vulnerability scanner designed for Ruby on Rails applications. Brakeman looks into the source code of the application and produces a report of all security issues found in the application code.
Brakeman is available for Jenkins/Hudson and works on Rails 2.x, 3.x and 4.x. It statically analyzes Rails application code to find security issues, at any stage of development.
Learn More: http://brakemanscanner.org/
SiteDigger
SiteDigger specializes in examining Google's cache for errors, configuration problems, and other interesting security nuggets on websites. SiteDigger provides results in real time.
SiteDigger provides an improved user interface, signature updates, and a results page for better understanding. A Google API license key is not required to use this tool. SiteDigger can save the signature selection and offers a configurable result set. It runs on all Windows versions that have Microsoft .NET Framework v3.5 installed.
Learn More: http://www.mcafee.com/in/downloads/free-tools/sitedigger.aspx
Netsparker
Netsparker is a web application security scanner with support for both detecting and exploiting vulnerabilities (SQL injection and cross-site scripting (XSS)) and security issues, no matter on which platform or technology the web application has been built. Netsparker offers full support for AJAX and JavaScript-based applications. Netsparker is "False Positive Free", which means that you won't need a Ph.D. in security testing to verify any vulnerability that Netsparker finds.
Features of Netsparker are as follows:
- It is easy to use
- Full HTML5 support
- Web services scanning
- Reporting
- Vulnerability details
Learn More: https://www.netsparker.com/
NMap
NMap is a cross-platform network security scanner, written by Gordon Lyon, that discovers hosts and services on a computer network. NMap sends specially crafted packets to the target host and then analyzes the responses. NMap runs on all major computer operating systems.
Features of NMap are as follows:
- NMap is flexible
- NMap is powerful to scan huge networks
- Major computer operating systems are supported
Learn More: https://nmap.org/
OWASP
OWASP was started in 2001, by Mark Curphey. OWASP stands for “Open Web Application Security Project” which is an online community that offers freely available articles, methodologies, documentation, and tools in the field of web application security.
OWASP is a worldwide not-for-profit charitable organization focused on improving the security of applications.
Learn More: https://www.owasp.org/index.php/Main_Page
Wapiti
Wapiti is a vulnerability scanner for web applications. Wapiti performs black-box scans: it does not study the code of the application but scans the web pages of the deployed web application. Wapiti can detect XSS injections, SQL and XPath injections, file inclusions, command execution, XXE injections, and CRLF injections.
Features of Wapiti are as follows:
- Supports HTTP and HTTPS proxies
- Imports the cookies
- Extracts URLs from flash SWF files
- Possibility to set the first URLs to explore
- Can enable/disable SSL certificate verification
Learn More: http://wapiti.sourceforge.net/
Scrawlr
Scrawlr is short for SQL Injector and Crawler, a tool developed by the HP web security research group in coordination with the Microsoft Security Response Center. Scrawlr is free software for scanning for SQL injection vulnerabilities in your web application.
Learn More: http://community.hpe.com/t5/Protect-Your-Assets/Finding-SQL-Injection-with-Scrawlr/ba-p/2408262#.V4OB974XXOA
Vega
Vega is a free and open source scanner to test the security of a web application. Vega can help you find SQL injection, header injection, directory listing, shell injection, cross-site scripting, file inclusion, and other web application vulnerabilities. Vega can be extended through a powerful API written in JavaScript, the language of the web.
Features of Vega are as follows:
- Vega has a well designed GUI
- Vega can run on Linux, Mac, and Windows
- Extensible due to JavaScript
Learn More: https://subgraph.com/vega/
Iron Wasp
Iron Wasp stands for "Iron Web Application Advanced Security Testing Platform", an open source system for web application vulnerability testing. It is a powerful GUI-based scanning tool that can check for over 25 kinds of web vulnerabilities. It is built on Python and Ruby, and can generate HTML and RTF reports.
Features of Iron Wasp are as follows:
- It’s free and open source
- Easy to use with a GUI-based design
- Powerful and effective scanning engine
- Supports recording login sequence
- False Positive/Negative detection support
- Reporting in both HTML and RTF formats