Web Site Security Test Tools

| Tool/Product Name | Operating system | Comments |
|---|---|---|
| Nessus | Linux, Unix | A remote security scanner for Linux, BSD, Solaris, and other Unices. Nessus is plug-in-based, has a GTK interface, and performs over 1200 remote security checks. It allows reports to be generated in HTML, XML, LaTeX, and ASCII text, and suggests solutions for security problems. |
| BFBTester | Solaris, Unix, Linux, Mac | Good for quick, proactive security checks of binary programs. BFBTester performs checks of single and multiple argument command line overflows and environment variable overflows. It can also watch for tempfile creation activity to alert the user to any programs using unsafe tempfile names. |
| Flawfinder | Windows, Linux | A program that examines source code and reports possible security weaknesses ("flaws") sorted by risk level. It is very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public. |
| SECURITY TESTING - OSSTMM | OS independent | The Open Source Security Testing Methodology Manual (OSSTMM) is a peer-reviewed methodology for performing security tests and metrics. |
| WebScarab | OS independent | A loose suite of web application security assessment tools written entirely in Java. It is primarily designed to be used by developers who can write code themselves. |
| Watchfire | Windows | Provides automated web application security testing for rapid development of secure Web applications, enables security assurance testing before deployment and auditing after deployment, and ensures ongoing confidence by continuously monitoring Web applications across the enterprise. |
| Web Vulnerability Scanner | Windows | Web site security testing tool from Acunetix. It first identifies web servers from a particular IP or IP range, then crawls the entire site, gathering information about every file it finds and displaying the website structure. After this discovery stage, it performs an automatic audit for common security issues. Applications using CGI, PHP, ASP or ASP.NET can all be tested for vulnerabilities such as cross-site scripting, SQL injection, CRLF injection, code execution, directory traversal and more. |
| Codenomicon test tool | Windows and Linux | Codenomicon test tools are used for robustness testing, security assessment, software development, risk analysis, purchase criteria and acceptance testing. They test implementations using black-box testing methods. Proactive flaw discovery introduces tremendous cost savings for customers and promotes reliability and responsibility. |
| SARA | Solaris, Linux, Mac, Windows and Unix | A comprehensive network security scanner that discovers, analyzes, and reports on security vulnerabilities of network-based computers, servers, routers, and firewalls. |
| STAT Scanner | Mac, Windows, Unix, Solaris, Linux, Cisco, Oracle | Built to deliver a solid balance of speed and accuracy via its adaptive scanning techniques and false-response correlation technology. Through deep inspection of target systems, including redundant file attribute and registry value correlation as well as SSH tunneling and authenticated OS fingerprinting refinement, STAT Scanner dramatically reduces the risk of false positives and false negatives. |
| Security Scanner | Windows, Linux, Unix | Free, open-source remote network security auditing tool, based on the principles "never trust the version number" and "never trust that a given service is listening on the good port". Nessus is made up of two parts: a server and a client; the server (nessusd) manages the "attacks", whereas the client is a front-end designed to collect the results. Includes more than 1000 tests in 23 vulnerability categories, and the Nessus Attack Scripting Language. |
| SAINT® network vulnerability assessment scanner | Unix, Linux, Mac | Takes a preventative approach to securing your company's computer networks. SAINT scans your systems and finds security weaknesses, prioritizes critical vulnerabilities in your network and recommends safeguards for your data. Includes DoS testing; reports specify severity levels of problems. Single machine or full network scans. Also available are the "WebSAINT" self-guided scanning service and the SAINTbox scanner appliance. |
| Ethereal | Unix, Windows, Linux | A free network protocol analyzer. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. |
| Snort | Unix, Windows, Linux | A lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. |
| hping | Unix, Linux | A command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping(8) UNIX command, but hping is not limited to sending ICMP echo requests. It supports the TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features. |
| dsniff | Unix, Windows, Linux | A suite of powerful network auditing and penetration-testing tools. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data. arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker. sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI. |
| GFI LANguard | Windows | Once GFI LANguard N.S.S. has completed scanning a computer, it categorises security vulnerabilities and recommends a course of action. Wherever possible, further information or a web link is included regarding the security issue, for example a BugTraq ID or a Microsoft Knowledge Base article ID. |
| Ettercap | Mac, Windows, Unix, Solaris, Linux | A suite for man-in-the-middle attacks on a LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis. |
| John the Ripper | DOS, Linux, Windows, Unix | A fast password cracker, currently available for many flavors of Unix, DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches. |
| Tripwire | Linux, Windows, Unix | A file and directory integrity checker. Tripwire aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner. It is freely available at Tripwire.Org. UNIX users may also want to consider AIDE, which has been designed as a free Tripwire replacement. |
| Nikto | Linux, Windows, Unix | An open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version-specific problems on over 230 servers. |
| SuperScan | Windows only | A connect-based TCP port scanner, pinger and hostname resolver. No source code is provided. It can handle ping scans and port scans using specified IP ranges. It can also connect to any discovered open port using user-specified "helper" applications. |
| NBTscan | Linux, Windows, Unix | A program for scanning IP networks for NetBIOS name information. It sends a NetBIOS status query to each address in the supplied range and lists the received information in human-readable form. For each host that responds it lists the IP address, NetBIOS computer name, logged-in user name and MAC address. |
| Firewalk | Linux, Unix | An active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway. |
| ngrep | Windows, Linux, Unix | ngrep strives to provide most of GNU grep's common features, applying them to the network layer. It is a pcap-aware tool that allows you to specify extended regular or hexadecimal expressions to match against the data payloads of packets. |
| Honeyd | Windows, Linux, Unix | A small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd enables a single host to claim multiple addresses (tested up to 65536) on a LAN for network simulation. |
| Brutus | Windows | One of the fastest, most flexible remote password crackers available, and it is free. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more. No source code is available. |
| Stunnel | Windows, Linux, Unix | A program that allows you to encrypt arbitrary TCP connections inside SSL, available on both Unix and Windows. Stunnel can secure non-SSL-aware daemons and protocols by providing the encryption itself, requiring no changes to the daemon's code. |
| Fragment | Windows, Linux, Unix | Features a simple rule set language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise manipulate all outbound packets destined for a target host, with minimal support for randomized or probabilistic behavior. This tool was written in good faith to aid in the testing of intrusion detection systems, firewalls, and basic TCP/IP stack behavior. |
| SPIKE Proxy | Windows, Linux | A professional-grade tool for finding application-level vulnerabilities in web applications. SPIKE Proxy covers the basics, such as SQL injection and cross-site scripting, but its completely open Python infrastructure allows advanced users to customize it for web applications that other tools fall apart on. |
| Bastille | Linux, Mac OS X, and HP-UX | The Bastille hardening program "locks down" an operating system, proactively configuring the system for increased security and decreasing its susceptibility to compromise. Bastille can also assess a system's current state of hardening, granularly reporting on each of the security settings with which it works. |
