OWASP Top 10 penetration testing software

- Burp Suite <http://www.portswigger.net/burp/>
  The premier tool for performing manual web application vulnerability
  assessments and penetration tests. The pro version includes a scanner, and
  the Intruder tool makes the offering stand out amongst its peers.
- HP WebInspect <https://download.spidynamics.com/webinspect/default.htm>
  An enterprise-focused tool suite that includes a scanner, proxy, and
  assorted other tools.
- WebScarabNG <https://download.spidynamics.com/webinspect/default.htm>
  The latest version of this famous suite from OWASP. Includes a web
  services module that allows you to parse WSDLs and interact with their
  associated functions.
- IBM AppScan <http://www-01.ibm.com/software/awdtools/appscan/>
  IBM's enterprise-focused suite.
- Acunetix <http://www.acunetix.com/>
  Acunetix's enterprise-focused suite.
- NTOSpider <http://www.acunetix.com/>
  NTObjectives's enterprise-focused suite.
- W3af <http://w3af.sourceforge.net/>
  w3af is a Web Application Attack and Audit Framework. The project's goal
  is to create a framework to find and exploit web application
  vulnerabilities that is easy to use and extend.
- Websecurify <http://www.websecurify.com/>
  Websecurify is a powerful web application security testing environment
  designed from the ground up to provide the best combination of automatic
  and manual vulnerability testing technologies.
- Samurai <http://samurai.inguardians.com/>
  Websecurify is a powerful web application security testing environment
  designed from the ground up to provide the best combination of automatic
  and manual vulnerability testing technologies.
- Skipfish <http://code.google.com/p/skipfish/>
  A fully automated, active web application security reconnaissance tool
  written by Michal Zalewski of Google.
- RAFT (Response Analysis and Further Testing Tool) <http://code.google.com/p/raft/>
  RAFT is a testing tool for the identification of vulnerabilities in web
  applications. RAFT is a suite of tools that utilize common shared elements
  to make testing and analysis easier. The tool provides visibility into
  areas that other tools do not, such as various client-side storage.
- Zed Attack Proxy (ZAP) <https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project>
  The Zed Attack Proxy (ZAP) is an easy to use integrated penetration
  testing tool for finding vulnerabilities in web applications. It is
  designed to be used by people with a wide range of security experience and
  as such is ideal for developers and functional testers who are new to
  penetration testing. ZAP provides automated scanners as well as a set of
  tools that allow you to find security vulnerabilities manually.




Standalone Web Assessment Tools:

- Nikto <http://www.cirt.net/nikto2>
  Nikto is a command-line, open source (GPL) web server scanner which
  performs comprehensive tests against web servers for multiple items,
  including over 6400 potentially dangerous files/CGIs, checks for outdated
  versions of over 1000 servers, and version-specific problems on over 270
  servers.
- Wikto <http://www.sensepost.com/labs/tools/pentest/wikto>
  Wikto is Nikto for Windows, but with a couple of fancy extra features,
  including fuzzy logic error code checking, a back-end miner, Google-assisted
  directory mining and real-time HTTP request/response monitoring.
  Wikto is coded in C# and requires the .NET framework.