Security testing is a very complicated process, and there are many tools used in security testing, and there are different types, such as vulnerability scanning tools, port scanning tools, packet capture tools, penetration tools, etc.
1. Web vulnerability scanning tool - AppScan
AppScan is a web application security testing tool developed by IBM. It uses a black box testing method to scan common web application security vulnerabilities.
The scanning process of AppScan is divided into the following three processes .
1. Detection
2. Test
3. Scan
2. Port scanning tool - Nmap
Nmap is a network connection port scanning tool, which is used to scan the open network connection ports of computers on the Internet, determine the ports on which services are running, and infer the operating system running on computers.
3. Packet capture tool - Fiddler
Fiddler is an HTTP protocol debugging proxy tool. It works as a proxy web server to help users record all HTTP (HTTPS) traffic passed between the computer and the Internet. Log server-to-server, device-to-server traffic.
4. Web Penetration Testing Tool - Metasploit
Metasploit is a penetration testing platform that can find, verify vulnerabilities, and exploit vulnerabilities for penetration attacks. It is an open source project that provides the infrastructure, content, and tools to perform penetration testing and extensive security audits.
For penetration attacks, Metasploit mainly provides the following functional modules.
1. Exploit module (Exploit): It will use the target's security holes to attack during runtime.
2. Attack load module (Payload): After a successful penetration of the target, the test program starts to run on the target computer.
3. Auxiliary: Contains a series of auxiliary support modules.
4. Encoder module (Encoder): The encoder module is usually used to obfuscate the code of our attack module to escape the detection of the target security protection mechanism.
5. Meterpreter: The attack load using memory technology can be injected into the process.
Tags: testing tools, security testing
Article source: What are the widely used security testing tools? - Website Articles- Chengdu Kexin Youchuang Information Technology Service Co., Ltd.