📅 Last modified: 2020-12-04 05:24:08 🧑 Author: Mango
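Various tools are available for security testing of an application. A few tools can perform end-to-end security testing, while others are dedicated to finding a particular type of flaw in the system.
Some open-source security testing tools are listed below: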
S.No. | Tool Name | Description |
---|---|---|
1 | Zed Attack Proxy | Provides automated scanners and other tools for spotting security flaws. |
2 | OWASP WebScarab | Developed in Java for analysing HTTP and HTTPS requests. |
3 | OWASP Mantra | Security testing framework with multi-lingual support. https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework |
4 | Burp Proxy | Tool for intercepting and modifying traffic; works with custom SSL certificates. |
5 | Firefox Tamper Data | Use Tamper Data to view and modify HTTP/HTTPS headers and POST parameters. |
6 | Firefox Web Developer Tools | The Web Developer extension adds various web developer tools to the browser. |
7 | Cookie Editor | Lets the user add, delete, edit, search, protect and block cookies. |
The following tools can help us find specific types of vulnerabilities in the system:
S.No. | Tool |
---|---|
1 | DOMinator Pro − Testing for DOM XSS |
2 | OWASP SQLiX − SQL Injection |
3 | Sqlninja − SQL Injection |
4 | SQLInjector − SQL Injection |
5 | sqlpowerinjector − SQL Injection |
6 | SSL Digger − Testing SSL |
7 | THC-Hydra − Brute Force Password |
8 | Brutus − Brute Force Password |
9 | Ncat − Brute Force Password |
10 | OllyDbg − Testing Buffer Overflow |
11 | Spike − Testing Buffer Overflow |
12 | Metasploit − Testing Buffer Overflow |
The following are some commercial black-box testing tools that help us find security issues in the applications we develop.
S.No | Tool |
---|---|
1 | NGSSQuirreL |
2 | IBM AppScan |
3 | Acunetix Web Vulnerability Scanner |
4 | NTOSpider |
5 | SOAP UI |
6 | Netsparker |
7 | HP WebInspect |

S.No | Tool |
---|---|
1 | OWASP Orizon |
2 | OWASP O2 |
3 | SearchDiggity |
4 | FXCOP |
5 | Splint |
6 | Boon |
7 | W3af |
8 | FlawFinder |
9 | FindBugs |
These analyzers examine, detect and report weaknesses in source code that are prone to vulnerabilities:
S.No | Tool |
---|---|
1 | Parasoft C/C++ test |
2 | HP Fortify |
3 | Appscan |
4 | Veracode |
5 | Armorize CodeSecure |
6 | GrammaTech |