Quality Testing

Quality is delighting customers

Can anyone suggest a good open source security testing tool for a Java-based web application?


Thanks in Advance :)


Replies to This Discussion

Hello Sumithra ,

1) WebScarab and 2) Paros scanning are open source security testing tools and are very useful for Java applications.

Please use the following links.
The tools can be downloaded from http://www.parosproxy.com

http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project


---Sandip Wagh

Hi Sumithra,
There are some good tools you can use for security testing of web applications. I am briefing some of the tools I have worked on:

1) Burp Suite (Proxy) -

This is a really good proxy with minimal configuration that sits between your browser and application. It is used for intercepting your requests and observing what data you are passing to the application. This tool is very helpful in testing your application against attacks such as XSS, SQL injection, session hijacking and many more.

2) Ethereal Network Packet Sniffer (Now Wireshark) -

With this tool you can see what data is being transferred across your network, whether it is transferred in plain text or encrypted, and so on.

3) LAPSE Source Code Analysis / Klocwork -

This tool is used for source code analysis and points out the security vulnerabilities at the code level itself.

4) Nessus -

It is used for testing network security scanning.

Other than these tools, I advise you to security test your web application manually. You can get ample help from www.owasp.org.

Regards,
Tejas

Thank you Tejas. Great info!!
Now that I have got information on security testing tools, I want to know what security tests can be done manually as well. The site which you have mentioned has got vast information. I'm very new to security testing. I have no clue where to start or what basics I have to know. It would be good if you can let me know.

Sumithra,
I have been working in this security testing field for quite some time now. In my experience, the site that I have mentioned (www.owasp.org) is the best point to start with. Immense knowledge about the various security threats and how to test for them is given in a very simple-to-understand form.

Security testing is a vast field and you need to put in a lot of effort initially. So I would suggest that you start googling the various web vulnerabilities that exist and that can be exploited.

I suggest that you gather some information about vulnerabilities such as:
1) XSS attacks
2) Injection Flaws (SQL Injection)
3) CSRF attacks
4) Session Hijacking
5) Insecure URL Access

These are just a few topics you can very well start with. Once you get an idea of these, you can dig into some more topics.

As far as test cases are concerned, it will depend on the complexity of your application and its functionality.

So just take help from the site I mentioned and, as you know, Google is the best friend. So enjoy security testing...

Regards,
Tejas

Hi,
Simply search for open source tools. Websecurify is a tool; maybe try it.
www.secologic.org/.../testing/061219_TestToolAnalyseV1.pdf
www.opensourcetesting.org/security.php
twit88.com/blog/.../open-source-web-security-testing-tool/

Please try the above sites. They look interesting.


ALB

Blessings

Dr Ananthakrishnan


© 2018 Created by Quality Testing.