Article Diary - General Knowledge Digest

Web Application Security Tools & Scanner Applications

A web application security scanner is a program that communicates with a web application through its web front-end in order to identify potential security vulnerabilities and architectural weaknesses. It performs a black-box test: unlike source code scanners, web application scanners don't have access to the source code and therefore detect vulnerabilities by actually performing attacks.

A web application security scanner facilitates the automated review of a web application for the express purpose of discovering security vulnerabilities, and such scanners are required for compliance with various regulatory requirements. Like every testing tool, a web application security scanner is not perfect; it has strengths and weaknesses. Web application scanners can look for a wide variety of vulnerabilities, including:

  • Input/Output validation (Cross-site scripting, SQL Injection, etc.)
  • Specific application problems
  • Server configuration mistakes/errors/version

The following products and tools provide web application security scanner functionality.

Commercial Tools

  • Acunetix WVS by Acunetix
  • AppScan by IBM
  • Burp Suite Professional by PortSwigger
  • Hailstorm by Cenzic
  • MileScan Web Security Auditor by MileSCAN Technologies
  • N-Stalker by N-Stalker
  • Nessus by Tenable Network Security
  • NetSparker by Mavituna Security
  • NeXpose by Rapid7
  • NTOSpider by NTObjectives
  • Retina Web Security Scanner by eEye Digital Security
  • WebApp360 by nCircle
  • WebInspect by HP
  • WebKing by Parasoft

SaaS (Software as a Service) Providers

  • AppScan OnDemand by IBM
  • ClickToSecure by Cenzic
  • QualysGuard Web Application Scanning by Qualys
  • Sentinel by WhiteHat
  • Veracode Web Application Security by Veracode
  • WebInspect by HP
  • WebScanService by Elanize KG

Free Open Source Tools

  • Grabber by Romain Gaucher
  • Grendel-Scan by David Byrne and Eric Duprey
  • Paros by Chinotec
  • Powerfuzzer by Marcin Kozlowski
  • SecurityQA Toolbar by iSEC Partners
  • W3AF by Andres Riancho
  • Wapiti by Nicolas Surribas