Open source application security testing tools

Application security testing requires the right tools to be effective. Expert Chris Wysopal goes over your open source options.

What are the famous open source tools for Web application security testing?

Some of the popular open source Web proxies are WebScarab, Paros Proxy, and Burp Proxy. These are essentially man-in-the-middle proxies that sit between the Web browser and the Web server and allow the assessor to observe and manipulate the Web traffic.

There aren't many open-source automated scanners for Web applications -- that is, things that you just point at a URL and say "scan it." One is Nikto, but it tests mostly for misconfigured Web servers and doesn't really touch the Web application logic itself.

-- Chris Eng, director of security services at Veracode, contributed to this response.

This was first published in December 2007
