There are plenty of "free" Web vulnerability scanners including Wikto and Paros. Even the commercial vendors Acunetix...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
and N-Stalker have free versions of their scanner tools. I have found that you definitely get what you pay for but these free tools can get you started down the right path. Just don't overestimate the value of scanners and underestimate the value of manual testing. The latter will uncover the *other* 40-50% of Web security flaws that the scanners can't find.
I would also like to make mention of the Web 2.0 security testing tutorial available on this site.
Here is a link: Web 2.0 application security troubleshooting, testing tutorial included in this tutorial are links to several free tools, explanations on how to use them as well as troubleshooting advice and videos.
Dig Deeper on Software Security Test Best Practices
Related Q&A from Kevin Beaver
Knowing how to test for security flaws is vital, but it's a complicated and changing field. Expert Kevin Beaver offers security testing basics.continue reading
While there are numerous security benefits to a DNSSEC implementation, there are drawbacks as well. Expert Kevin Beaver explains.continue reading
The benefits of the ODL SDN platform are promising, but what about the recent Netdump flaw it experienced? Expert Kevin Beaver discusses why you may ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.