Home > Ask the Software Quality Experts > Application Security Questions & Answers > Top tools for testing Web application security
Ask The Software Quality Expert: Questions & Answers
EMAIL THIS

Top tools for testing Web application security

>
QUESTION:
What are the top vendors for code analysis for testing Web applications? It seems some vendors are targeted at a single language within the application, not so much the entire Web stack.


RELATED CONTENT
Application Security
Are SQL injection attacks really a big software security risk?
Beating software's cross-site scripting, authentication problems
Expert resolves issues plaguing OpenSTA users
What is fuzz testing? What are some ways to use fuzz testing?
How do I convince management to take application security seriously?
Security testing sales, marketing websites
How to prevent HTTP response splitting
PCI DSS compliance: WAF, code review or both?
Open source application security testing tools
Web application security testing basics

Software security testing tools
Why you don't need to buy a testing tool, except when you do
Old problems persist in Web 2.0 security practices
Beating software's cross-site scripting, authentication problems
Free tools for Agile testers
Put a stop to software espionage by watermarking source code
How to make your software tamperproof
How can I tell if my software security has been breached?
WebGoat: password weakness issues, basic application hacking concerns
Lesser-known free software testing tools testers should try
Demo: Using WebGoat, a free software testing tool

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
penetration testing  (SearchSoftwareQuality.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


Dan Cornell EXPERT RESPONSE FROM: Dan Cornell

Pose a Question
Other Software Quality Categories
Meet all Software Quality Experts
Become an Expert for this site
ANSWERED November 2008:
More about Web application security tools:
Open source application security testing tools

What to look for in a Web application security testing tool

Free Web application security testing tools you need to get to know
There are a number of commercial vendors and open source products that do security source code reviews, and most of the commercial products support a variety of Web application development languages and environments. Some prominent examples include Coverity, Fortify Software, Klocwork, and Ounce Labs. Each of their tools supports several languages, but you would have to check the vendor's documentation for specific details.

The open source or freely available tools in this space do tend to be more focused on a single language. For example, FindBugs and PMD do static analysis for Java. They are mostly focused on quality issues, but they also find some security defects. For .NET environments, FxCop from Microsoft checks for quality and security issues.

The OWASP Orizon project is intended to be a cross-language framework for security source code review. It is currently in the early stages, but support for both Java and .NET is planned.




Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Software Quality - Software Maintenance, Software Requirements, Software Standards
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2006 - 2010, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts