Article Diary - General Knowledge Digest

Web Application Security Tools & Scanner Applications

Web Application SecurityA web application security scanner is program which communicates with a web application through the web front-end in order to identify potential security vulnerabilities in the web application and architectural weaknesses. It performs a black-box test. Unlike source code scanners, web application scanners don’t have access to the source code and therefore detect vulnerabilities by actually performing attacks.

A web application security scanner can facilitate the automated review of a web application with the expressed purpose of discovering security vulnerabilities, and are required to comply with various regulatory requirements. Like every testing tools, the web application security scanner is not a perfect tool, it has strength and weaknesses. Web application scanners can look for a wide variety of vulnerabilities, including:

  • Input/Output validation: (Cross-site scripting, SQL Injection, etc.)
  • Specific application problems
  • Server configuration mistakes/errors/version

The following list of products and tools provide web application security scanner functionality.

Commercial Tools

  • Acunetix WVS by Acunetix
  • AppScan by IBM
  • Burp Suite Professional by PortSwigger
  • Hailstorm by Cenzic
  • MileScan Web Security Auditor by MileSCAN Technologies
  • N-Stalker by N-Stalker
  • Nessus by Tenable Network Security
  • NetSparker by Mavituna Security
  • NeXpose by Rapid7
  • NTOSpider by NTObjectives
  • Retina Web Security Scanner by eEye Digital Security
  • WebApp360 by nCircle
  • WebInspect by HP
  • WebKing by Parasoft

SAAS (Software As A Service) Providers

  • AppScan OnDemand by IBM
  • ClickToSecure by Cenzic
  • QualysGuard Web Application Scanning by Qualys
  • Sentinel by WhiteHat
  • Veracode Web Application Security by Veracode
  • WebInspect by HP
  • WebScanService by Elanize KG

Free Open Source Tools

  • Grabber by Romain Gaucher
  • Grendel-Scan by David Byrne and Eric Duprey
  • Paros by Chinotec
  • Powerfuzzer by Marcin Kozlowski
  • SecurityQA Toolbar by iSEC Partners
  • W3AF by Andres Riancho
  • Wapiti by Nicolas Surribas
Attached Files
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Name
Email
Security Code Security Code
Related Articles RSS Feed
How do I add and register extra domain names?
Viewed 2861 times since Fri, Oct 9, 2009
tgrdfgdgfdg
Viewed 759 times since Sun, Jan 17, 2010
What is new in HTML 5?
Viewed 861 times since Sat, Apr 3, 2010
dTree - Flexible JavaScript Tree Menu
Viewed 1252 times since Thu, Jan 14, 2010
Pastie - Pastebin to Share Source Code with Syntax Highlighting
Viewed 836 times since Mon, Jan 11, 2010
How can I change session timeout value?
Viewed 810 times since Tue, Apr 27, 2010
45 jQuery Navigation Plugins and Tutorials
Viewed 2006 times since Thu, Jan 28, 2010
Open Source Web Analytics Framework
Viewed 712 times since Sat, Jan 30, 2010
PHP Questions for Interview with Answers
Viewed 1080 times since Wed, Feb 24, 2010
Inline Form Validation With jQuery
Viewed 1103 times since Sat, Jan 9, 2010
MENU