Some Free Web App Security Testing Tools & Resources
June 11th, 2009
We went over some of these tools at the latest North Carolina OWASP Meeting, so I thought I’d make this list available here. Enjoy!
Proxy Servers:
WebScarab: http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project#Download
Burp: http://www.portswigger.net/suite/download.html
Paros: http://www.parosproxy.org/download.shtml
Firefox Plugins:
Tamper Data: https://addons.mozilla.org/en-US/firefox/addon/966
NoScript: http://noscript.net/getit
ShowIP: https://addons.mozilla.org/en-US/firefox/addon/590
SwitchProxy: https://addons.mozilla.org/en-US/firefox/addon/125
SQL Inject Me: https://addons.mozilla.org/en-US/firefox/addon/7597
XSS Me: https://addons.mozilla.org/en-US/firefox/addon/7598
ViewStatePeeker: https://addons.mozilla.org/en-US/firefox/addon/7167
Many of these are included in a single plugin distribution here: https://addons.mozilla.org/en-US/firefox/collection/webappsec
Some SQL Injection Tools we Discussed:
SQLMap: http://sqlmap.sourceforge.net/
SQLNinja: http://sqlninja.sourceforge.net/
Pangolin: http://www.nosec.org/en/pangolin.html
Test Applications that won’t land you in Prison:
WebGoat: http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61824&release_id=613045
Hacme Series: http://www.foundstone.com/us/resources-free-tools.asp (look under SASS Tools)
Some suggestions taken from RSnake over at ha.ckers.org:
* http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
* http://testasp.acunetix.com/Default.asp
* http://test.acunetix.com/
* http://hackme.ntobjectives.com/
* http://www.foundstone.com/us/resources/proddesc/hacmeshipping.htm
* http://www.foundstone.com/us/resources/proddesc/hacmecasino.htm
* http://www.foundstone.com/us/resources/proddesc/hacmebooks.htm
* http://www.foundstone.com/us/resources/proddesc/hacmetravel.htm
* http://zero.webappsecurity.com/
* http://www.hackertest.net/
* http://www.hackthissite.org/
* http://www.mavensecurity.com/WebMaven.php
* http://ha.ckers.org/challenge/
* http://ha.ckers.org/challenge2/
* http://demo.testfire.net/
* http://scanme.nmap.org/
* http://www.hellboundhackers.org/
* http://www.overthewire.org/wargames/
* http://roothack.org/
* http://heorot.net/
* http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
* http://wocares.com/xsstester.php
* https://how2hack.net
* http://hax.tor.hu/




Hey, thanks a lot for sharing such nice and informative information.
Security is a major concern these days, not only in physical space but also in cyberspace.
By the way, for more information check this link: http://www.eccouncil.org/certification/ec-council_certified_security_officer.aspx
Comment by smith — May 3, 2010 @ 3:45 am