Web Application Security Resources

Web Application Security Resource

Here is a list of web application security resource, including testing tools, sites you can test against, etc. Its grouped under:

  • Suites and Frameworks
  • Vulnerable Web Applications
  • Online
  • Download
  • Utilities
  • Additional Resources

Suites / Frameworks

  • Burp Suite
    The premier tool for performing manual web application vulnerability assessments and penetration tests. The pro version includes a scanner, and the Intruder tool makes the offering stand out amongst its peers.
  • HP WebInspect
    An enterprise-focused tool suite that includes a scanner, proxy, and assorted other tools.
  • WebScarabNG
    The latest version of this famous suite from OWASP. Includes a web services module that allows you to parse WSDLs and interact with their associated functions.
  • IBM AppScan
    IBM’s enterprise-focused suite.
  • Acunetix
    Acunetix’s enterprise-focused suite.
  • NTOSpider
    NTObjectives’s enterprise-focused suite.
  • W3af
    w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.
  • Websecurify
    Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.
  • Samurai
    The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment.
  • Skipfish
    A fully automated, active web application security reconnaissance tool written by Michal Zalewski of Google.

Web Assessment Utilities

Browser Extensions

  • Websecurify Chrome Extension
    The Chrome Extension version of the Websecurify tool. Performs a scan and tells you the results summary, but there’s no authentication or detailed view of findings. It’s more of a quick-touch option before you run a real tool.
  • XSS Me
    The Firefox Extension.
  • SQL Inject Me
    The Firefox Extension.


Download and Configure

All due credit for this article goes to the person who put it up here