Article Diary - General Knowledge Digest

Web Application Security Tools & Scanner Applications

Web Application SecurityA web application security scanner is program which communicates with a web application through the web front-end in order to identify potential security vulnerabilities in the web application and architectural weaknesses. It performs a black-box test. Unlike source code scanners, web application scanners don’t have access to the source code and therefore detect vulnerabilities by actually performing attacks.

A web application security scanner can facilitate the automated review of a web application with the expressed purpose of discovering security vulnerabilities, and are required to comply with various regulatory requirements. Like every testing tools, the web application security scanner is not a perfect tool, it has strength and weaknesses. Web application scanners can look for a wide variety of vulnerabilities, including:

  • Input/Output validation: (Cross-site scripting, SQL Injection, etc.)
  • Specific application problems
  • Server configuration mistakes/errors/version

The following list of products and tools provide web application security scanner functionality.

Commercial Tools

  • Acunetix WVS by Acunetix
  • AppScan by IBM
  • Burp Suite Professional by PortSwigger
  • Hailstorm by Cenzic
  • MileScan Web Security Auditor by MileSCAN Technologies
  • N-Stalker by N-Stalker
  • Nessus by Tenable Network Security
  • NetSparker by Mavituna Security
  • NeXpose by Rapid7
  • NTOSpider by NTObjectives
  • Retina Web Security Scanner by eEye Digital Security
  • WebApp360 by nCircle
  • WebInspect by HP
  • WebKing by Parasoft

SAAS (Software As A Service) Providers

  • AppScan OnDemand by IBM
  • ClickToSecure by Cenzic
  • QualysGuard Web Application Scanning by Qualys
  • Sentinel by WhiteHat
  • Veracode Web Application Security by Veracode
  • WebInspect by HP
  • WebScanService by Elanize KG

Free Open Source Tools

  • Grabber by Romain Gaucher
  • Grendel-Scan by David Byrne and Eric Duprey
  • Paros by Chinotec
  • Powerfuzzer by Marcin Kozlowski
  • SecurityQA Toolbar by iSEC Partners
  • W3AF by Andres Riancho
  • Wapiti by Nicolas Surribas
Attached Files
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Name
Email
Security Code Security Code
Related Articles RSS Feed
dTree - Flexible JavaScript Tree Menu
Viewed 1148 times since Thu, Jan 14, 2010
ICEpdf - Open Source Java PDF Library
Viewed 981 times since Wed, Jan 6, 2010
File Upload in PHP - PHP File Upload Script
Viewed 1708 times since Thu, Nov 5, 2009
jCart - Free PHP AJAX Shopping Cart
Viewed 995 times since Sun, Jan 3, 2010
Google Web Toolkit - Version 2 Released
Viewed 765 times since Tue, Dec 15, 2009
Google Maps jQuery Plugin - gMap
Viewed 980 times since Mon, Feb 8, 2010
JavaScript Tree Menu Component - jsTree Menu
Viewed 1249 times since Sat, Jan 9, 2010
tgrdfgdgfdg
Viewed 672 times since Sun, Jan 17, 2010
45 jQuery Navigation Plugins and Tutorials
Viewed 1768 times since Thu, Jan 28, 2010
Before and After Picture - jQuery Plugin
Viewed 991 times since Tue, Dec 29, 2009
MENU