Quality Testing

Can anyone suggest me a good open source security testing tool for a java based web application?

Thanks in Advance :)

Replies to This Discussion

Hello Sumithra,

1) WebScarab 2) Paros are open source security testing tools and are very useful for Java applications.

Please use the following link:
Tools can be downloaded from http://www.parosproxy.com

---Sandip Wagh
Hi Sumithra,
There are some good tools you can use for security testing of web applications. Here is a brief note on some of the tools I have worked with:

1) Burp Suite (Proxy) -

This is a really good proxy with minimal configuration that sits between your browser and the application. It is used for intercepting your requests and observing what data you are passing to the application. This tool is very helpful in testing your application against attacks such as XSS, SQL injection, session hijacking and many more.

2) Ethereal Network Packet Sniffer (Now Wireshark) -

With this tool you can see what data is being transferred across your network, whether it is transferred in plain text or encrypted, and so on.

3) Lapse Source Code Analysis/ Klockwork -

This tool is used for source code analysis and points out the security vulnerabilities at the code level itself.

4) Nessus -

It is used for network security scanning.

Other than these tools, I advise you to security test your web application manually. You can get ample help from www.owasp.org.

Thank you Tejas. Great info!!
Now that I have got information on security testing tools, I want to know what security tests can be done manually as well. The site which you have mentioned has vast information. I'm very new to security testing. I have no clue where to start and what basics I have to know. It would be good if you could let me know.
I have been working in this security testing field for quite some time now. As per my experience, the site that I have mentioned (www.owasp.org) is the best point to start with. Immense knowledge about the various security threats and how to test for them is given in a very simple-to-understand form.

Security testing is a vast field and you need to put in a lot of effort initially. So I would suggest you start googling the various web vulnerabilities that exist and that can be exploited.

I would suggest you gather some information about vulnerabilities such as:
1) XSS attacks
2) Injection Flaws (SQL Injection)
3) CSRF attacks
4) Session Hijacking
5) Insecure URL Access

These are just a few topics you can very well start with. Once you get an idea of these, you can dig into some more topics.

As far as test cases are concerned, it will depend on the complexity of your application and its functionality.

So just take help from the site I mentioned and, as you know, Google is your best friend. So enjoy security testing!

Simply search for open source tools. Websecurify is a tool; maybe try it.

Please try the above sites. They look interesting.

Dr Ananthakrishnan


I would love to suggest some top vulnerability scanning tools which would help you secure your application from attacks...

Vulnerability Scanning Tools of 2020

  • Aircrack-ng
  • Nikto
  • OpenVAS
  • Retina
  • Acunetix
  • Paessler PRTG
  • Rapid7 Nexpose
  • TripWire IP 360
  • BeyondTrust Network Security Scanner
  • SolarWinds Network Configuration Manager (NCM)

I hope you will get your answer…

Following are some of the tools used by a QA company while performing security testing:

1. Zed Attack Proxy: Zed Attack Proxy is one of the best and easiest-to-use tools for penetration security testing, for finding loopholes and vulnerabilities in web applications.
Compatibility: Windows, Linux, Mac OS

2. BeEF: BeEF is also a powerful tool that focuses on the web browser for security-related issues.
Compatibility: Linux, Apple Mac OS X and Microsoft Windows

3. Wireshark: Wireshark is used for network-related issues and troubleshooting them.
Compatibility: Unix, Linux, and Windows

4. Oedipus: Oedipus is used to test web sites for application and web server vulnerabilities.
Compatibility: It is OS independent

5. Nmap: Nmap is used for network mapping and port scanning to find vulnerabilities in the network.
Compatibility: Linux, Windows, and Mac OS X

6. Nikto: Nikto is a kind of web scanner which scans web servers for dangerous/outdated server software and other server-related issues.
Compatibility: Windows/UNIX


TTWT Magazine