Home of RF and Wireless Vendors and Resources

One Stop For Your RF and Wireless Need

Web application security testing tools | OWASP testing tools

This page covers different types of web application security testing tools and its basics. The comparison between web application security tools such as Wapiti, Netsparker and OWASP testing tool are also mentioned.

As we know software security has become very essential due to wide use of software applications in our daily life. Each and every electronic gadgets we use run on operating system and other necessary application softwares. Following software security requirements lead to development of security based tools:
•  Data confidentiality
•  Data integrity
•  Data availability
•  authentication
•  authorisation
•  Access control (read, write, read-write, execute, full control)
•  Audit
•  privacy protection
•  security protection

security testing types
Figure-1 : Security testing types

There are two types of security testing viz. functional testing and vulnerability testing. Functional testing assures tools dveloped comply with security standards and takes care of all the basic security functions as per requirement specifications. Vulnerability refers to any bugs in the software coding or in design. Vulnerability testing tests the tools as an attacker attacking the system's security application tools. It is also referred as penetration testing.

web application security testing tools
Figure-2 : Web application security testing tools

There are various security testing tools which include SARA,Qualys Free security scan, Qualys Gaurd, STAT scanner, Nessus security scanner, SAINT, NetiQ security Analyzer, Nikto scanner, tenable security center, SPI Dynamics web inspect, IBM Appscan, Acunetix web vulnerability scanner etc. Web application is in use tremandously owing to boom in internet supporting wireless and wireline technologies and devices.

Web application security testing

Following are few of the vulnerabilities of a typical web application. This leads to development of web application security testing tools.
•  cross site script
•  SQL injection
•  Adoption of wireless technologies with loop holes
•  broken authentication
•  session management
•  use of unsecured open source softwares and applications
•  Use of unsecured Pirated stuff
•  Improper configuration to counter security

Web application security testing tools | Wapiti, Netsparker, OWASP ZAP

Wapiti, OWASP ZAP and Netsparker are popular web application security testing tools. These tools help developed best web application security softwares and applications.

Wapiti: This tool is developed by Nicolas Surribus in 2006 and is widely used as vulnerability scanner for the web application. It will scan launched web site's web pages. It will inject the payload and checks for script's vulnerability. Basically it acts like a fuzzer. Wapiti does not find all the vulnerabilities but it is good open source tool. It will help detect following vulnerabilities:
•  Errors in File handling operations
•  Database injection
•  LDAP injection
•  CRLF injection
•  cross site scripting

OWASP testing tool: It is one of the penetration testing tool. The features are active scanning and fuzzing. Active scanning feature of ZAP tool helps find XSS and other type of vulnerabilities. Fuzzing feature of ZAP helps fuzz any portion of the application software. It is also open source software tool.

Netsparker: This web application security testing tool is used as scanner. This tool scans the web applications and produce the vulnerability results if any in no time. This tool works independent of any technology or platform applications are designed for. It supports javascript and AJAX. Netsparker helps scan for XSS, SQL injection, backup files, static tests, boolean SQL injection etc.

Wireless System Security Related Links

3G Security   LTE Security   GSM Security   Zigbee Security   Z-wave Security   Web App. Security  

RF and Wireless Terminologies

Share this page

Translate this page