📅 最后修改于: 2020-12-04 05:24:08 🧑 作者: Mango
有多种工具可用于执行应用程序的安全性测试。很少有工具可以执行端到端安全性测试,而有些工具专用于发现系统中特定类型的缺陷。
给出了一些开源安全测试工具-
| S.No. | Tool Name |
|---|---|
| 1 |
Zed Attack Proxy Provides Automated Scanners and other tools for spotting security flaws. |
| 2 |
OWASP WebScarab Developed in Java for Analysing Http and Https requests. |
| 3 |
OWASP Mantra Supports multi-lingual security testing framework https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework |
| 4 |
Burp Proxy Tool for Intercepting & Modyfying traffic and works with work with custom SSL certificates. |
| 5 |
Firefox Tamper Data Use tamperdata to view and modify HTTP/HTTPS headers and post parameters |
| 6 |
Firefox Web Developer Tools The Web Developer extension adds various web developer tools to the browser. |
| 7 |
Cookie Editor Lets user to add, delete, edit, search, protect and block cookies |
以下工具可以帮助我们发现系统中的特定类型的漏洞-
| S.No. | Link |
|---|---|
| 1 |
DOMinator Pro − Testing for DOM XSS |
| 2 |
OWASP SQLiX − SQL Injection |
| 3 |
Sqlninja − SQL Injection |
| 4 |
SQLInjector − SQL Injection |
| 5 |
sqlpowerinjector − SQL Injection |
| 6 |
SSL Digger − Testing SSL |
| 7 |
THC-Hydra − Brute Force Password |
| 8 |
Brutus − Brute Force Password |
| 9 |
Ncat − Brute Force Password |
| 10 |
OllyDbg − Testing Buffer Overflow |
| 11 |
Spike − Testing Buffer Overflow |
| 12 |
Metasploit − Testing Buffer Overflow |
以下是一些商业黑匣子测试工具,可帮助我们在开发的应用程序中发现安全问题。
| S.No | Tool |
|---|---|
| 1 |
NGSSQuirreL |
| 2 |
IBM AppScan |
| 3 |
Acunetix Web Vulnerability Scanner |
| 4 |
NTOSpider |
| 5 |
SOAP UI |
| 6 |
Netsparker |
| 7 |
HP WebInspect |
| S.No | Tool |
|---|---|
| 1 |
OWASP Orizon |
| 2 |
OWASP O2 |
| 3 |
SearchDiggity |
| 4 |
FXCOP |
| 5 |
Splint |
| 6 |
Boon |
| 7 |
W3af |
| 8 |
FlawFinder |
| 9 |
FindBugs |
这些分析器检查,检测并报告源代码中的弱点,这些弱点容易产生漏洞-
| S.No | Tool |
|---|---|
| 1 |
Parasoft C/C++ test |
| 2 |
HP Fortify |
| 3 |
Appscan |
| 4 |
Veracode |
| 5 |
Armorize CodeSecure |
| 6 |
GrammaTech |