Testing Tools - Security

Security Testing Tools

1. Oedipus

Oedipus is an open source web application security analysis and testing suite written in Ruby. It is capable of parsing different types of log files off-line and identifying security vulnerabilities. Using the analyzed information, Oedipus can dynamically test web sites for application and web server vulnerabilities.
Requirement: OS Independent

2. OSSTMM - Open Source Security Testing Methodology Manual

This manual sets forth a standard for Internet security testing.

3. Paros

Paros is for people who need to evaluate the security of their web applications. It is completely written in Java. All HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.
Requirement: Cross-platform, Java JRE/JDK 1.4.2 or above

4. WebScarab

WebScarab is a loose suite of web application security assessment tools written entirely in Java. It is a tool primarily designed to be used by developers who can write code themselves.
Requirement: OS Independent

5. Wireshark

Wireshark, formerly known as Ethereal, is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product.
Requirement: Unix, Linux, and Windows

6. Babel Enterprise

Babel Enterprise manages risk by dividing it into domains (groups or organizations), assets and policies. With this, compliance with a security regulation such as UNE-ISO/IEC 27001, or with others that build on it such as LOPD or SOX, can be checked point by point.
Requirement: Linux, Solaris, WinXP, HP-UX, IBM AIX

7. BFBTester - Brute Force Binary Tester

BFBTester is good for doing quick, proactive security checks of binary programs. BFBTester will perform checks of single and multiple argument command line overflows and environment variable overflows. It can also watch for tempfile creation activity to alert the user of any programs using unsafe tempfile names.
Requirement: POSIX, BSD, FreeBSD, OpenBSD, Linux

8. CROSS

The CROSS (Codenomicon Robust Open Source Software) program is designed to help open source projects fix critical flaws in their code. Codenomicon's CROSS program provides open source projects with full access to its award-winning DEFENSICS testing solutions, helping the projects find and fix a large number of critical flaws very rapidly.
Requirement: 130 protocol interfaces and formats

9. Flawfinder

Flawfinder is a program that scans C/C++ source code and reports potential security flaws. By default, it sorts its reports by risk level (the riskiest operations in the code are listed first).
Requirement: Python 1.5 or greater

10. Gendarme

Gendarme is an extensible rule-based tool to find problems in .NET applications and libraries. Gendarme inspects programs and libraries that contain code in ECMA CIL format (Mono and .NET) and looks for common problems with the code, problems that compilers do not typically check or have not historically checked.
Requirement: .NET (Mono or MS runtime)
