As Web applications become more and more widespread, Web security threats become increasingly prominent. Hackers use the loopholes in the website operating system and the SQL injection loopholes in the Web service program to gain control of the Web server, tamper with the content of the webpage, steal important internal data, or implant malicious code in the webpage . Make website visitors vulnerable. This also makes more and more users pay attention to the security issues of the application layer, and the attention to Web application security is gradually heating up. Here are 8 very useful free web security testing tools.
N-Stalker Free Version
N-Stalker Web Application Security 2012 free version can eliminate a large number of common vulnerabilities in this environment for your web application, including cross-site scripting (XSS), SQL injection (SQL injection), buffer overflow (Buffer Overflow), parameter tampering (Parameter Tampering) and so on.
Netsparker Community Edition
Netsparker Community Edition is a SQL injection scanning tool, which is a free community version of Netsparker and provides basic vulnerability detection functions. User-friendly and flexible.
Websecurify
Websecurify is an open source cross-platform website security inspection tool that can help you accurately detect web application security issues.
Pass by
Wapiti is a web application vulnerability checking tool. It has "black box" scanning, meaning it doesn't care about the source code of the web application, but it scans the deployment of the web page for scripts and formats that allow it to inject data.
Skipfish
Skipfish is an automatic web security scanner released by Google to reduce users' online security threats. Similar functionality to other open source scanning tools like Nikto and Nessus.
Exploit-Me
Exploit-Me is a Firefox web application security testing tool, lightweight and easy to use.
OWASP WebScarab Project
WebScarab is an application framework for analyzing HTTP and HTTPS protocols, and helps security experts discover potential program vulnerabilities by recording the session content (requests and responses) it detects.
X5s
x5s is a Fiddler plugin for assisting penetration testers in discovering cross-site scripting (XSS) vulnerabilities.
Friends who want to get involved in hacking & network security can refer to the super-detailed learning roadmap below. Learning according to this route is enough to support you to become an excellent intermediate and senior network security engineer:
There are also some video and document resources collected in the study, which can be taken by yourself if necessary:
supporting videos for each growth path corresponding to the section:
of course, in addition to supporting videos, various documents, books, materials & tools are also organized for you , and has already divided the categories for everyone.
Due to the limited space, only part of the information is shown
. Friends who need it can [click the card below] to get it for free: