1. Vega
Vega can find cross-site scripting and SQL injection vulnerabilities in web apps. Besides, if your site leaks sensitive information, Vega can detect that too. You can run it on Windows, Linux and OS X.
You can get the tool from https://subgraph.com/vega/
2. Wapiti
If you are planning to run a program for your apps, you can use the open-source Wapiti. It has the following detection capabilities:
- Cross-site scripting
- Sensitive files that can disclose information
- Weaknesses in the htaccess file
- Various injection vulnerabilities
- Presence of sensitive backup files
http://wapiti.sourceforge.net/
3. Skipfish
Skipfish is more like a reconnaissance tool because it can create an interactive sitemap of the target website using a recursive web crawl. At the end of the scan, Skipfish generates a detailed report of the existing vulnerabilities in your website. You can use it with Windows, Linux, FreeBSD and Mac OS X.
https://code.google.com/p/skipfish/
4. Netsparker Community edition
It is considered one of the most effective open source tools to detect SQL injection. If you are looking for an intuitive and user-friendly SQL injection tool, then you must give it a try. Besides, it is false-positive free.
https://www.netsparker.com/communityedition/
5. Websecurify
A cross-platform web application security testing tool that you can use on a monthly basis. If you want to use it for free, try the trial version of the suite of this powerful web security toolkit.
https://suite.websecurify.com/classic
6. ESAPI
ESAPI (Enterprise Security API) is a web application security library from OWASP. It is not a web security testing tool; rather, it helps programmers develop low-risk application programs. New app developers or organizations can use ESAPI as a solid foundation for their app security. If you are developing a new application, you can visit https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
7. BeEF
BeEF, or Browser Exploitation Framework, helps to discover client-side vulnerabilities. This tool detects application weaknesses using browser vulnerabilities. Each browser is written with a specific security context in mind, so each browser’s security context has both strengths and weaknesses. BeEF allows the security tester to choose certain types of security context for each particular browser. To learn more about this browser-based web app vulnerability analysis tool visit: http://beefproject.com/
8. Metasploit
Metasploit is considered one of the most robust and complete web security testing tools. If you want to pursue a career as a web security tester or something like that, you can start using this open-source security testing tool by downloading it from http://www.metasploit.com/
Though web security and threat patterns are changing fast, the core concepts that attackers use for exploitation remain almost the same. Therefore, if you are planning to run an application security program in your organization and are not willing to hire a security expert, let your IT engineers play with the tools mentioned in this post and test whether your applications are strong enough to withstand the most common web attacks.