Article Diary - General Knowledge Digest

Web Application Security Tools & Scanner Applications

Web Application SecurityA web application security scanner is program which communicates with a web application through the web front-end in order to identify potential security vulnerabilities in the web application and architectural weaknesses. It performs a black-box test. Unlike source code scanners, web application scanners don’t have access to the source code and therefore detect vulnerabilities by actually performing attacks.

A web application security scanner can facilitate the automated review of a web application with the expressed purpose of discovering security vulnerabilities, and are required to comply with various regulatory requirements. Like every testing tools, the web application security scanner is not a perfect tool, it has strength and weaknesses. Web application scanners can look for a wide variety of vulnerabilities, including:

  • Input/Output validation: (Cross-site scripting, SQL Injection, etc.)
  • Specific application problems
  • Server configuration mistakes/errors/version

The following list of products and tools provide web application security scanner functionality.

Commercial Tools

  • Acunetix WVS by Acunetix
  • AppScan by IBM
  • Burp Suite Professional by PortSwigger
  • Hailstorm by Cenzic
  • MileScan Web Security Auditor by MileSCAN Technologies
  • N-Stalker by N-Stalker
  • Nessus by Tenable Network Security
  • NetSparker by Mavituna Security
  • NeXpose by Rapid7
  • NTOSpider by NTObjectives
  • Retina Web Security Scanner by eEye Digital Security
  • WebApp360 by nCircle
  • WebInspect by HP
  • WebKing by Parasoft

SAAS (Software As A Service) Providers

  • AppScan OnDemand by IBM
  • ClickToSecure by Cenzic
  • QualysGuard Web Application Scanning by Qualys
  • Sentinel by WhiteHat
  • Veracode Web Application Security by Veracode
  • WebInspect by HP
  • WebScanService by Elanize KG

Free Open Source Tools

  • Grabber by Romain Gaucher
  • Grendel-Scan by David Byrne and Eric Duprey
  • Paros by Chinotec
  • Powerfuzzer by Marcin Kozlowski
  • SecurityQA Toolbar by iSEC Partners
  • W3AF by Andres Riancho
  • Wapiti by Nicolas Surribas
Attached Files
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Name
Email
Security Code Security Code
Related Articles RSS Feed
How to protect specific folder or disable directory browsing using htaccess?
Viewed 4492 times since Sun, Mar 14, 2010
Best Free Web Icons for Different Purposes
Viewed 1030 times since Mon, Dec 28, 2009
Featured Items Widget with jQuery
Viewed 1195 times since Sun, Dec 27, 2009
dTree - Flexible JavaScript Tree Menu
Viewed 1370 times since Thu, Jan 14, 2010
imgAreaSelect - jQuery Plugin To Select Areas On Images
Viewed 1271 times since Thu, Dec 31, 2009
Geo-location Mapping With Google Maps API & PHP
Viewed 1220 times since Mon, Apr 4, 2011
Google Web Toolkit - Version 2 Released
Viewed 948 times since Tue, Dec 15, 2009
10 Tips for Writing Better CSS Code
Viewed 1052 times since Fri, Nov 27, 2009
Create Full Screen Slideshows With Supersized
Viewed 960 times since Tue, Jan 5, 2010
JavaScript Tree Menu Component - jsTree Menu
Viewed 1511 times since Sat, Jan 9, 2010
MENU