10

Are there any open source solutions for testing web security vulnerabilities? I am not looking to make my web application bullet proof since it'll be used internally at our organization. But I'd like to test it for the bare essentials from a web security perspective.

asked Jan 14, 2013 at 17:22

2 Answers 2

11

Zed Attack Proxy from OWASP - https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

And generally I would advise browsing the site to learn more about security

Metasploit community edition is free - http://www.metasploit.com/about/choose-right-edition/

answered Jan 14, 2013 at 17:34
3
  • Burp Suite also has a free edition portswigger.net/burp. The professional edition, while not free is extremely cheap compared to other comparable solutions at 299ドル for a license. Commented Jan 15, 2013 at 18:21
  • Good catch, I'd forgotten that one, though how I could forget a product with such a wonderful name... Commented Jan 15, 2013 at 19:53
  • The OWASP group is a great source of info. ZAP and the WebGoat project can teach you a LOT. Webgoat is even guided, almost like taking a class. Once you feel comfortable with those concepts, download and explore some of the pre-packaged distros for this like BackTrack or SamuraiWTF. Then set up a VM and see what you can do! Commented Feb 1, 2013 at 18:38
1

Here are a few tools to get you started with website/web application security testing,

OWASP ZAP

Burpsuite

Subgraph Vega

Kali Linux

Kali Linux has a whole bunch of pen testing tools

answered Mar 26, 2021 at 5:57

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.