Web Application Security Tools & Scanner Applications

A web application security scanner is program which communicates with a web application through the web front-end in order to identify potential security vulnerabilities in the web application and architectural weaknesses. It performs a black-box test. Unlike source code scanners, web application scanners don’t have access to the source code and therefore detect vulnerabilities by actually performing attacks.

A web application security scanner can facilitate the automated review of a web application with the expressed purpose of discovering security vulnerabilities, and are required to comply with various regulatory requirements. Like every testing tools, the web application security scanner is not a perfect tool, it has strength and weaknesses. Web application scanners can look for a wide variety of vulnerabilities, including:

• Input/Output validation: (Cross-site scripting, SQL Injection, etc.)
• Specific application problems
• Server configuration mistakes/errors/version

The following list of products and tools provide web application security scanner functionality.

Commercial Tools

• Acunetix WVS by Acunetix
• AppScan by IBM
• Burp Suite Professional by PortSwigger
• Hailstorm by Cenzic
• MileScan Web Security Auditor by MileSCAN Technologies
• N-Stalker by N-Stalker
• Nessus by Tenable Network Security
• NetSparker by Mavituna Security
• NeXpose by Rapid7
• NTOSpider by NTObjectives
• Retina Web Security Scanner by eEye Digital Security
• WebApp360 by nCircle
• WebInspect by HP
• WebKing by Parasoft

SAAS (Software As A Service) Providers

• AppScan OnDemand by IBM
• ClickToSecure by Cenzic
• QualysGuard Web Application Scanning by Qualys
• Sentinel by WhiteHat
• Veracode Web Application Security by Veracode
• WebInspect by HP
• WebScanService by Elanize KG

Free Open Source Tools

• Grabber by Romain Gaucher
• Grendel-Scan by David Byrne and Eric Duprey
• Paros by Chinotec
• Powerfuzzer by Marcin Kozlowski
• SecurityQA Toolbar by iSEC Partners
• W3AF by Andres Riancho
• Wapiti by Nicolas Surribas

Article ID: 402
Created: Mon, Mar 22, 2010
Last Updated: Mon, Mar 22, 2010
Author: Administrator

Online URL: https://www.articlediary.com/article/web-application-security-tools-scanner-applications-402.html