Ask the Expert

Open source application security testing tools

What are the famous open source tools for Web application security testing?

Some of the popular open source Web proxies are WebScarab, Paros Proxy, and Burp Proxy. These are essentially man-in-the-middle proxies that sit between the Web browser and the Web server and allow the assessor to observe and manipulate the Web traffic.

There aren't many open-source automated scanners for Web applications -- that is, things that you just point at a URL and say "scan it." One is Nikto, but it tests mostly for misconfigured Web servers and doesn't really touch the Web application logic itself.

-- Chris Eng, director of security services at Veracode, contributed to this response.

This was first published in December 2007
