Article Diary - General Knowledge Digest

Web Application Security Tools & Scanner Applications

A web application security scanner is a program that communicates with a web application through the web front-end in order to identify potential security vulnerabilities and architectural weaknesses in the web application. It performs a black-box test. Unlike source code scanners, web application scanners don't have access to the source code and therefore detect vulnerabilities by actually performing attacks.

A web application security scanner can facilitate the automated review of a web application with the express purpose of discovering security vulnerabilities, and such scanners are required to comply with various regulatory requirements. Like every testing tool, the web application security scanner is not perfect; it has strengths and weaknesses. Web application scanners can look for a wide variety of vulnerabilities, including:

  • Input/Output validation: (Cross-site scripting, SQL Injection, etc.)
  • Specific application problems
  • Server configuration mistakes/errors/version

The following products and tools provide web application security scanner functionality.

Commercial Tools

  • Acunetix WVS by Acunetix
  • AppScan by IBM
  • Burp Suite Professional by PortSwigger
  • Hailstorm by Cenzic
  • MileScan Web Security Auditor by MileSCAN Technologies
  • N-Stalker by N-Stalker
  • Nessus by Tenable Network Security
  • NetSparker by Mavituna Security
  • NeXpose by Rapid7
  • NTOSpider by NTObjectives
  • Retina Web Security Scanner by eEye Digital Security
  • WebApp360 by nCircle
  • WebInspect by HP
  • WebKing by Parasoft

SaaS (Software as a Service) Providers

  • AppScan OnDemand by IBM
  • ClickToSecure by Cenzic
  • QualysGuard Web Application Scanning by Qualys
  • Sentinel by WhiteHat
  • Veracode Web Application Security by Veracode
  • WebInspect by HP
  • WebScanService by Elanize KG

Free Open Source Tools

  • Grabber by Romain Gaucher
  • Grendel-Scan by David Byrne and Eric Duprey
  • Paros by Chinotec
  • Powerfuzzer by Marcin Kozlowski
  • SecurityQA Toolbar by iSEC Partners
  • W3AF by Andres Riancho
  • Wapiti by Nicolas Surribas