Article Diary - General Knowledge Digest

Web Application Security Tools & Scanner Applications

Web Application SecurityA web application security scanner is program which communicates with a web application through the web front-end in order to identify potential security vulnerabilities in the web application and architectural weaknesses. It performs a black-box test. Unlike source code scanners, web application scanners don’t have access to the source code and therefore detect vulnerabilities by actually performing attacks.

A web application security scanner can facilitate the automated review of a web application with the expressed purpose of discovering security vulnerabilities, and are required to comply with various regulatory requirements. Like every testing tools, the web application security scanner is not a perfect tool, it has strength and weaknesses. Web application scanners can look for a wide variety of vulnerabilities, including:

  • Input/Output validation: (Cross-site scripting, SQL Injection, etc.)
  • Specific application problems
  • Server configuration mistakes/errors/version

The following list of products and tools provide web application security scanner functionality.

Commercial Tools

  • Acunetix WVS by Acunetix
  • AppScan by IBM
  • Burp Suite Professional by PortSwigger
  • Hailstorm by Cenzic
  • MileScan Web Security Auditor by MileSCAN Technologies
  • N-Stalker by N-Stalker
  • Nessus by Tenable Network Security
  • NetSparker by Mavituna Security
  • NeXpose by Rapid7
  • NTOSpider by NTObjectives
  • Retina Web Security Scanner by eEye Digital Security
  • WebApp360 by nCircle
  • WebInspect by HP
  • WebKing by Parasoft

SAAS (Software As A Service) Providers

  • AppScan OnDemand by IBM
  • ClickToSecure by Cenzic
  • QualysGuard Web Application Scanning by Qualys
  • Sentinel by WhiteHat
  • Veracode Web Application Security by Veracode
  • WebInspect by HP
  • WebScanService by Elanize KG

Free Open Source Tools

  • Grabber by Romain Gaucher
  • Grendel-Scan by David Byrne and Eric Duprey
  • Paros by Chinotec
  • Powerfuzzer by Marcin Kozlowski
  • SecurityQA Toolbar by iSEC Partners
  • W3AF by Andres Riancho
  • Wapiti by Nicolas Surribas
Attached Files
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Name
Email
Security Code Security Code
Related Articles RSS Feed
Free JavaScript Charts Library - JS Charts
Viewed 660 times since Sun, Dec 13, 2009
Google Skipfish - Web Application Security Scanner
Viewed 760 times since Mon, Mar 22, 2010
dygraphs JS Charts - Free JavaScript Charts
Viewed 652 times since Sun, Dec 13, 2009
8 Basics of Regular Expressions
Viewed 697 times since Mon, Mar 8, 2010
PHP For Android Project - Interview with Lead Developer
Viewed 675 times since Mon, Jul 26, 2010
jQuery Dropdown Check List
Viewed 920 times since Thu, Jan 14, 2010
Geo-location Mapping With Google Maps API & PHP
Viewed 916 times since Mon, Apr 4, 2011
13 Useful Javascript Syntax Highlighting Scripts
Viewed 918 times since Mon, Jan 4, 2010
How to change default web page using htaccess?
Viewed 901 times since Sun, Mar 14, 2010
MENU