测试网站/测试场地
SPI Dynamics公司(活) - http://zero.webappsecurity.com/的
Cenzic日前发布(现场) - http://crackme.cenzic.com/
Watchfire公司(现场) - http://demo.testfire.net/
Acunetix(直播) - http://testphp.acunetix.com/ http://testasp.acunetix.comhttp://testaspnet.acunetix.com
WebMaven /越野银行- http://www.mavensecurity.com/webmaven
Foundstone的上海社会科学院工具- HTTP :/ / www.foundstone.com的/我们/资源免费
更新HackmeBank - http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank
tools.asp HTML OWASP的WebGoat -http://www.owasp.org/index.php/OWASP_WebGoat_Project:
OWASP SiteGenerator - http://www.owasp.org/index.php/Owasp_SiteGenerator
斯坦福SecuriBench - http://suif.stanford.edu /〜livshits / securibench /
SecuriBench微- http://suif.stanford.edu/的的〜livshits /工作/ securibench的微/
HTTP代理/编辑
WebScarab - http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
打嗝- http://www.portswigger.net/
帕罗- http://www.parosproxy.org/~~V
提琴手- http://www fiddlertool.com /
Web代理编辑- http://www.microsoft.com/mspress/companion/0-7356-2187-X/
PANTERA -http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project
苏茹- http://www.sensepost.com/research/suru/
httpedit(诅咒为主) - 查尔斯- http://www.xk72.com http://www.neutralbit.com/en/rd/httpedit/
/查尔斯/
奥德赛- http://www.bindshell.net/tools/odysseus
打嗝,防止外空军备竞赛和WebScarab为Mac OS X - http://www.corsaire.com/downloads/
Web应用程序从`网络安全扫描工具工具“/奥赖利- http://examples.oreilly.com/networkst/
JS指挥官- http://jscmd.rubyforge.org/~~V
Ratproxy - http://code.google.com/p/ratproxy/
基于工具RSnake的XSS小抄,webapp的起毛,编码工具
wfuzz - http://www.edge-security.com/wfuzz.php
ProxMon - http://www.isecpartners.com/proxmon.html
马鹿- http://wapiti.sourceforge.net/
采集卡- http:// rgaucher.info /β/采集/
XSSScan - http://darkcode.ath.cx/scanners/XSSscan.py
CAL9000 - http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project
HTMangLe - http:// www.fishnetsecurity.com /工具/ HTMangLe的/ publish.htm
JBroFuzz - http://sourceforge.net/projects/jbrofuzz
XSSFuzz - http://ha.ckers.org/blog/20060921/xssfuzz-released/
WhiteAcid的XSS助理- http://www.whiteacid.org/greasemonkey/
超长的UTF - http://www.microsoft.com/mspress/companion/0-7356-2187-X/
[TGZ,MielieTool(SensePost研究) - http:// packetstormsecurity.org/UNIX/utilities/mielietools-v1.0.tgz
RegFuzzer:测试你的正则表达式过滤器 -http://www.dachb0den.com/projects/screamingcobra.html 穗SPIKE代理-http://immunitysec.com/resources-freesoftware.shtml RFuzz = - http://rfuzz.rubyforge.org/~~VWebFuzz - ASP的http://www.pushtotest.com/Docs/downloads/features.html审计员-http://michaeldaw.org/projects/asp-auditor-v2/ WSTool - http://wstool.sourceforge.net/ 网站黑客控制中心(会中) - http://ussysadmin.com/whcc/ Web文本转换器-http://www.microsoft.com/mspress/companion/0-7356-2187-X/ HackBar(Firefox插件) -https://addons.mozilla.org/firefox/3899/ 净力工具(NF-工具,Firefox插件) - http://www.net-force.nl/library/downloads/ PostIntercepter(Greasemonkey脚本) -http://userscripts.org/scripts/show/743
HTTP一般测试/指纹
wbox:HTTP测试工具- 羟色胺http://hping.org/wbox/
:/ /检查- http://htcheck.sourceforge.net/
Mumsie - http://www.lurhq.com/tools/mumsie.html
WebInject - http://www.webinject.org/
Torture.pl的首页- http://stein.cshl.org/~~V〜lstein /酷刑/
JoeDog的的围城- http://www.joedog.org/JoeDog/Siege/
开放metoscan(HTTP方法测试) - http://www.open-labs.org/~~V
负载平衡探测器实验室:- http://ge.mine.nu/lbd.html
HMAP - http://ujeni.murkyroc。 COM /的HMAP /
净方:httprint - http://net-square.com/httprint/
Wpoison:HTTP压力测试- http://wpoison.sourceforge.net/
净方:MSNPawn - http://net- square.com / msnpawn / index.shtml
hcraft的Vuln的HTTP请求工匠- http://druid.caughq.org/projects/hcraft/
rfp.labs:LibWhisker - http://www.wiretrip.net/rfp/lw。 ASP
尼克托- http://www.cirt.net/code/nikto.shtml
斜纹- http://twill.idyll.org/~~V
DirBuster - http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project
[邮政编码]事实上扫描器- http://security-net.biz/files/dff/DFF.zip
[邮政编码] Elza项目- http://packetstormsecurity.org/web/elza-1.4.7-beta.zip HTTP: / / www.stoev.org的/ elza.html
HackerFox和黑客插件捆绑:便携式Firefox与网络黑客插件捆绑- http://sf.net/projects/hackfox
基于浏览器的HTTP篡改/编辑/重放
TamperIE - http://www.bayden.com/Other/
ISR形式- http://www.infobyte.com.ar/developments.html
修改页眉(Firefox插件) - http://modifyheaders.mozdev。 ORG /
篡改数据(Firefox插件) - http://tamperdata.mozdev.org/~~V
UrlParams(Firefox插件) - https://addons.mozilla.org/en-US/firefox/addon/1290/
TestGen4Web (火狐) - https://addons.mozilla.org/en-US/firefox/addon/1385/
DOM检查/检查这(火狐) /头监视器(Firefox插件) - http://livehttpheaders.mozdev.org/https://addons.mozilla.org/en-US/firefox/addon/575/
cookie的编辑/中毒
[TGZ,stompy:会话ID工具- http://lcamtuf.coredump.cx/stompy.tgz
Add'N编辑饼干(ANEC,Firefox插件) - http://addneditcookies.mozdev.org/~~V
CookieCuller(Firefox附加上) - http://cookieculler.mozdev.org/~~V
CookiePie(Firefox插件) - http://www.nektra.com/oss/firefox/extensions/cookiepie/
CookieSpy - http://www.codeproject。 COM /壳/ cookiespy.asp的的
饼干总管- http://www.dutchduck.com/Features/Cookies.aspx
Ajax和XHR的扫描
SAHI - http://sahi.co.in/
scRUBYt - http://scrubyt.org/~~V
的jQuery - jQuery的,包括http://jquery.com/
- http://www.gnucitizen.org/projects/jquery-包括
Sprajax - Watir的http://www.denimgroup.com/sprajax.html
- http://wtr.rubyforge.org/~~V
Watij - http://watij.com/
华廷- http://watin.sourceforge.net/
RBNarcissus - http://idontsmoke.co.uk/2005/rbnarcissus/
SpiderTest(蜘蛛绒毛插件) - http://blog.caboo.se/articles/2007/2/21/the-fabulous-spider-fuzz-plugin
内嵌的JavaScript调试器(jasildbg) - http://jasildbg.googlepages.com/
Firebug的精简版- http://www.getfirebug.com/lite.html
firewaitr - http://code.google.com/p/firewatir/
RSS扩展和缓存
LiveLines(Firefox插件) - https://addons.mozilla.org/en-US/firefox/addon/324/
RSS-缓存- http://www.dubfire.net/chris/projects/rss-cache/
SQL注入扫描
0×90.org:苦艾酒,梅斯卡尔,等回家- http://0区×90.org/releases.php
SQLiX - http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project
sqlninja:一个SQL服务器注入和工具takover - http://sqlninja.sourceforge.net/
JustinClarke的SQL蛮力- http://www.justinclarke.com/archives/2006/03/sqlbrute.html
山猫- http://www.northern-monkee .co.uk /项目/山猫/ bobcat.html
的SqlMap - http://sqlmap.sourceforge.net/
斯卡利:SQL Server数据库的前端和暴力动子- http://www.sensepost.com/research/scully的, /
FG注射器- http://www.flowgate.net/?lang=en&seccion=herramientas
PRIAMOS - http://www.priamos-project.com/
Web应用程序安全的恶意软件,后门,恶意代码
W3AF:Web应用程序攻击和审计框架- http://w3af.sourceforge.net/
索取Jikto程序- http://busin3ss.name/jikto-in-the-wild/
的XSS壳牌- http://ferruh.mavituna.com/的文章/ 1338?
的XSS代理- http://xss-proxy.sourceforge.net
AttackAPI - http://www.gnucitizen.org/projects/attackapi/
FFsniFF - http://azurit.elbiahosting.sk/ffsniff/
HoneyBlog基于网络的垃圾场- http://honeyblog.org/junkyard/web-based/
牛肉- http://www.bindshell.net/tools/beef/
Firefox扩展扫描仪(FEX集团) - http://www.gnucitizen。 ORG /项目/ FEX /
我的IP地址是什么?- http://reglos.de/myaddress/
xRumer:blogspam自动化工具- http://www.botmaster.net/movies/XFull.htm
SpyJax - http://www.merchantos.com/makebeta/tools/spyjax/
greasecarnaval - http://www.gnucitizen.org/projects/greasecarnaval
TECHNIKA - http://www.gnucitizen.org/projects/technika/
负载AttackAPI书签- http://www.gnucitizen.org/projects/load- attackapi书签
医师项目:JS端口扫描器,萍儿,后门,等等- http://michaeldaw.org/my-projects/
Web应用程序服务,在Web应用程序安全评估援助
天网- http://www.netcraft.net
AboutURL - http://www.abouturl.com/
的Scrutinizer - http://www.scrutinizethis.com/
net.toolkit - http://clez.net/
ServerSniff - http://www.serversniff.net/
在线微软脚本解码器- http://www.greymagic.com/security/tools/decoder/
网管工具包- http://www.webmaster-toolkit.com/
myIPNeighbbors,等。 AL - PHP的字符集编码http://digg.com/security/MyIPNeighbors_Find_Out_Who_Else_is_Hosted_on_Your_Site_s_IP_Address
- http://h4k.in/encoding~~V
数据:网址测试用例- http://h4k.in/dataurl
基于浏览器的安全性模糊/检查
zalewski MangleMe - http://lcamtuf.coredump.cx/mangleme/mangle.cgi
HDM的工具:Hamachi的,CSSDIE,DOM -河内,AxMan - http://metasploit.com/users/hdm/tools/
桃的fuzzer框架- HTTP :/ / peachfuzz.sourceforge.net /
TagBruteForcer - http://research.eeye.com/html/tools/RT20060801-3.html
PROTOS测试套件:C05-HTTP-答复- http://www.ee.oulu .fi/research/ouspg/protos/testing/c05/http-reply/index.html
COMRaider - http://labs.idefense.com
bcheck - http://bcheck.scanit.be/bcheck/
停止钓鱼项目页面- http://www.indiana.edu/〜钓鱼/项目
LinkScanner的- http://linkscanner.explabs.com/linkscanner/default.asp
BrowserCheck - http://www.heise-security.co.uk/服务browsercheck / /
跨浏览器的漏洞测试- http://www.jungsonnstudios.com/cool.php
窃取信息使用DNS穿针演示- http://www.jumperz.net/index.php?i=2&a=1&b = 7
的JavaScript网站登录检查- Mozilla的http://ha.ckers.org/weird/javascript-website-login-checker.html
的ActiveX - http://www.iol.ie/〜LOCKA / MOZILLA / mozilla.htm
Jungsonn的黑色龙项目- http://blackdragon.jungsonnstudios.com/
先生 T(下主侦察工具,包括阅读Firefox的设置POC) - http://ha.ckers.org/mr-t/
弱势UXSS POC的Adobe插件检测- http://www.0×000000.com / I = 324
关于Flash:是您的闪存到最新的吗?- http://www.macromedia.com/software/flash/about/
测试您的安装Java软件- http://java.com/en/download/installed.jsp?detect=jre&try=1
WebPageFingerprint的-重量轻Greasemonkey中的fuzzer -http://userscripts.org/scripts/show/30285
PHP静态分析和扫描文件包含
PHP-SAT.org:静态分析PHP - http://www.program-transformation.org/PHP/
Unl0ck研究小组:在谷歌搜索工具包括错误- http://unl0ck.net/tools.php
的FIS文件包含扫描仪- http://www.segfault.gr/index.php?cat_id=3&cont_id=25
PHPSecAudit - http://developer.spikesource.com/projects/phpsecaudit
PHP防御手段
PHPInfoSec -检查安全性配置的phpinfo - http://phpsec.org/projects/phpsecinfo/~~V
一个Greasemonkey的替代品,可以发现在http://yehg.net/lab/#tools.greasemonkey
PHP的蛮力攻击检测-检测你的Web服务器如WFuzz,DirBuster OWASP的和漏洞扫描等的由蛮力工具扫描Nessus的,尼克托,Acunetix ..等http://yehg.net/lab/pr0js/files.php/php_brute_force_detect.zip
PHP的登录信息-检查-严格执行管理员/用户选择强密码。测试打击对4规则的密码。它还内置烟雾测试页通过URL loginfo_checker.php?testlic
http://yehg.net/lab/pr0js/files.php/loginfo_checkerv0.1.zip
http://yehg.net/lab/pr0js/files.php/phploginfo_checker_demo.zip
PHP-DDOS的盾牌- http://code
防止白痴分布式机器人识别HTTP 503头代码的洪水袭击而停止,一个棘手的脚本。.google.com / P / DDOS盾/ PHPMySpamFIGHTER的
Web应用防火墙(WAF)和入侵检测(APIDS)的规则和资源
Wikipedia上APIDS - http://en.wikipedia.org/wiki/APIDS
PHP的入侵检测系统(PHP的IDS) - http://php-ids.org/ http://code.google.com/p/phpids /
- http://code.google.com/p/dotnetids/
安全科学InterScout的dotnetids -http://www.securescience.com/home/newsandevents/news/interscout1.0.html
圣雷莫:mod_security的白名单的规则编辑器- http://remo.netnea.com/
GotRoot:ModSecuirty规则- http://www.gotroot.com/tiki-index.php?page=mod_security+rules
Web安全网关(WSGW) - http://wsgw。 sourceforge.net /
mod_security的规则发电机- http://noeljackson.com/tools/modsecurity/的
Mod_Anti_Tamper - http://www.wisec.it/projects.php?id=3
[TGZ,自动规则生成的mod_security - HTTP: / / www.wisec.it/rdr.php?fn=/Projects/Rule-o-matic.tgz
AQTRONIX WebKnight - http://www.aqtronix.com/?PageID=99
Akismet在博客垃圾邮件的防御- 呻/ akismet.com /
萨摩亚正式确保Web服务的工具- http://research.microsoft.com/projects/samoa/
Web服务枚举/扫描/模糊
- WebServiceStudio2.0 http://www.codeplex.com/WebserviceStudio
净方:wsChess - http://net-square.com/wschess/index.shtml
WSFuzzer - http://www.owasp.org/index。 PHP /分类:OWASP_WSFuzzer_Project
筛:Web方法的搜索工具- http://www.sift.com.au/73/171/sift-web-method-search-tool.htm
iSecPartners:WSMap,WSBang等- 呻/ www.isecpartners.com / tools.html
非特定的Web应用程序的静态源代码分析
PIXY:XSS漏洞检测的静态分析工具- http://www.seclab.tuwien.ac.at/projects/pixy/
Brixoft.Net:源编辑- http://www.brixoft.net/prodinfo.asp? ID = 1
指南针安全Web应用程序审计工具(SWAAT) -http://www.owasp.org/index.php/Category:OWASP_SWAAT_Project
这里更完整的清单- http://www.cs.cmu.edu/〜 aldrich/courses/654/tools /
一个不错的清单,声称一些演示可用- http://www.cs.cmu.edu/的〜aldrich/courses/413/tools.html
较小,但也不错列表- 呻/ spinroot.com /静态/
Yasca:一个高度可扩展的源代码的分析框架;几个分析工具集成到一个封装。http://www.yasca.org/~~V
静态分析的C / C + +(CGI,ISAPI等)在Web应用程序
大鼠- http://www.securesoftware.com/resources/download_rats.html
的ITS4 - http://www.cigital.com/its4/
FlawFinder - http://www.dwheeler.com/flawfinder/
夹板- 呻/ www.splint.org/~~V
UNO - http://spinroot.com/uno/
BOON(缓冲区溢出检测) - http://www.cs.berkeley.edu/〜昂/福音/ http://boon.sourceforge 。净
Valgrind的- http://www.valgrind.org/~~V
Java静态分析,安全框架,web应用程序的安全工具
失效- http://suif.stanford.edu/〜livshits /工作/时隔/
HDIV Struts的- http://hdiv.org/~~V
ORIZON株- http://sourceforge.net/projects/orizon/
FindBugs的:在Java中的错误方案- http://findbugs.sourceforge.net/
PMD - http://pmd.sourceforge.net/
可爱:一个导引式随机组,C和Java测试引擎- http://osl.cs.uiuc.edu/〜ksen /可爱/
艾玛- http://emma.sourceforge.net/
JLint - http://jlint.sourceforge.net/
的Java探路者- http://javapathfinder.sourceforge.net/
Fujaba:UML和Java源代码之间的移动- http://wwwcs.uni-paderborn.de/cs/fujaba/
Checkstyle - 左轮手枪http://checkstyle.sourceforge.net/
Cookie的安全框架- http://sourceforge.net/projects/cookie-revolver
tinapoc - HTTP: / / sourceforge.net /项目/ tinapoc的
使用jarsigner - http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/jarsigner.html
Solex - http://solex.sourceforge.net/
的Java资源管理器- http://metal.hurlant.com/jexplore/
HttpClient的- http://www.innovation.ch/java/HTTPClient/
另一个HttpClient的- http://jakarta.apache.org/commons/httpclient/~~V
代码列表报道和分析工具Java - http://mythinkpond.blogspot.com/2007/06/java-foss-freeopen-source-software.html中
微软。NET的静态分析和安全框架的工具,主要用于ASP.NET和ASP.NET AJAX,而且C#和VB.NET
- Visual Studio 2008的代码分析,可以在:
- VSTS的2008开发版(http://msdn.microsoft.com/vsts2008/products/bb933752.aspx)
- VSTS的2008团队套件(http://msdn.microsoft.com/vsts2008/products/bb933735.aspx)
- Visual Studio 2005代码分析仪,可在:
- 为软件开发人员的Visual Studio 2005团队版(http://msdn.microsoft.com/en-us/vstudio/aa718806.aspx)
- Visual Studio 2005团队套件(http://msdn.microsoft.com/en-us/vstudio/aa718806.aspx)
- Web开发辅助- http://www.nikhilk.net/Project.WebDevHelper.aspx
- FxCop的:
- 微软内部工具,你还不能有:
威胁建模
微软的威胁分析和建模工具V2.1(谭) 攻击树建模(SecurITree) -http://www.amenaza.com/software.php Octotrike - http://www.octotrike.org/~~V
与一般的Web应用程序安全的帮助下,用于Firefox的附加组件
网页开发工具- https://addons.mozilla.org/firefox/60/
平原旧的Web服务器(战俘) - https://addons.mozilla.org/firefox/3002/
XML开发人员工具栏- https://addons.mozilla .org/firefox/2897 /
公共福克斯- https://addons.mozilla.org/firefox/3911/
XForms的好友- http://beaufour.dk/index.php?sec=misc&pagename=xforms
议员科技本地安装- HTTP :/ / www.mrtech.com/extensions/local_install/
每晚测试工具- http://users.blueprintit.co.uk/〜戴夫/网络/火狐/ buildid / index.html的
IE浏览器“选项卡- https://addons。 mozilla.org/firefox/1419 /
用户代理切换- https://addons.mozilla.org/firefox/59/
ServerSwitcher - https://addons.mozilla.org/firefox/2409/
HeaderMonitor - https://addons .mozilla.org/firefox/575 /
RefControl - https://addons.mozilla.org/firefox/953/
refspoof - https://addons.mozilla.org/firefox/667/的
引荐- https://addons .mozilla.org/firefox/1999 /
LocationBar ^ 2 - https://addons.mozilla.org/firefox/4014/
SpiderZilla - http://spiderzilla.mozdev.org/~~V
Slogger - https://addons.mozilla.org / en-US/firefox/addon/143
消防加密器- https://addons.mozilla.org/firefox/3208/
附加用于Firefox的附加组件的帮助与JavaScript和Ajax的Web应用安全
硒IDE - http://www.openqa.org/selenium-ide/
萤火虫- http://www.joehewitt.com/software/firebug/
Venkman的- http://www.mozilla.org/projects/venkman/
Chickenfoot - http://groups.csail.mit.edu/uid/chickenfoot/
的Greasemonkey - http://www.greasespot.net/
Greasemonkey的编译- http://www.letitblog.com/greasemonkey-compiler/的
用户脚本编译器- http://arantius.com/misc/greasemonkey/script-compiler
扩展开发的扩展(Firefox插件) - 智能中东点击http://ted.mielczarek.org/code/mozilla/extensiondev/
(Firefox插件) - https://addons.mozilla.org/en-US/firefox/addon/3885/
bookmarklets的,在Web应用程序安全援助
RSnake的bookmarklets的安全- http://ha.ckers.org/bookmarklets.html
BMlets - http://optools.awardspace.com/bmlet.html
bookmarklets的巨大清单- http://www.squarefree.com/bookmarklets/
Blummy :由称为blummlets的小部件,这使得使用Javascript提供丰富的功能- http://www.blummy.com/
bookmarklets的每一个博客应该有- http://www.micropersuasion.com/2005/10/bookmarklets_ev 。
平板书签编辑HTML(Firefox插件) - http://n01se.net/chouser/proj/mozhack/
的OpenBook和更新书签(Firefox附加元件) - http://www.chuonthis.com/extensions/
检查SSL证书/扫描
[邮政编码] THCSSLCheck - http://thc.org/root/tools/THCSSLCheck.zip
[邮政编码] Foundstone的SSLDigger -http://www.foundstone.com/us/resources/termsofuse.asp?file=ssldigger.zip
证书Viewer Plus技术(Firefox插件) - https://addons.mozilla.org/firefox/1964/
honeyclients,Web应用程序和Web代理蜜罐
honeyclient项目:开源honeyclient - http://www.honeyclient.org/trac/
HoneyC:低互动honeyclient, - http://honeyc.sourceforge.net/
捕捉:高交互honeyclient - 呻
哈克蜜罐/捕获hpc.sourceforge.net /谷歌- http://ghh.sourceforge.net/
PHP.Hop - PHP Honeynet项目- http://www.rstack.org/phphop/
SpyBye - http://www monkey.org /〜provos / spybye /
Honeytokens - http://www.securityfocus.com/infocus/1713
黑帽SEO,也许一些的WhiteHat SEO
SearchStatus(Firefox插件) - http://www.quirk.biz/searchstatus/
SEO的火狐(Firefox插件) - http://tools.seobook.com/firefox/seo-for-firefox.html
SEOQuake (Firefox插件) - http://www.seoquake.com/
为Web应用程序安全的足迹
进化- http://www.paterva.com/evolution-e.html
GooSweep - http://www.mcgrewsecurity.com/projects/goosweep/
灵气:谷歌API实用工具- http://www.sensepost.com/研究/ AURA /
边的安全工具- 枭http://www.edge-security.com/soft.php
域扫描仪- http://ha.ckers.org/fierce/
Googlegath - http://www.nothink。 ORG /的Perl / googlegath /
高级Dork(Firefox插件) - https://addons.mozilla.org/firefox/2144/
被动缓存(Firefox插件) - https://addons.mozilla.org/firefox/ 977 /
CacheOut!(火狐附加) - https://addons.mozilla.org/en-US/firefox/addon/1453/的
BugMeNot扩展(Firefox插件) - http://roachfiend.com/archives/2005/02/ 07/bugmenot /
TrashMail.net扩展(Firefox插件) - https://addons.mozilla.org/en-US/firefox/addon/1813/
DiggiDig(Firefox插件) - https://addons.mozilla .org/en-US/firefox/addon/2819 /
挖掘机(Firefox插件) - https://addons.mozilla.org/en-US/firefox/addon/1467/
数据库的安全性评估
水肺由Imperva的数据库漏洞扫描- http://www.imperva.com/scuba/
浏览器防御
死硬- http://www.diehard-software.org/~~V
LocalRodeo(Firefox插件) - http://databasement.net/labs/localrodeo/
NoMoXSS - http://www.seclab.tuwien.ac.at/的项目/ jstaint的/
请求的的罗德奥- http://savannah.nongnu.org/projects/requestrodeo
Flashblock的(Firefox插件) - http://flashblock.mozdev.org/~~V的
CookieSafe(Firefox插件) - https://的
NoScript的addons.mozilla.org/en-US/firefox/addon/2497(Firefox插件) -http://www.noscript.net/
FormFox(Firefox插件) - https://addons.mozilla.org / en-US/firefox/addon/1579 /
Adblock的(Firefox插件) - http://adblock.mozdev.org/~~V
在火狐(Firefox插件) - http://blog.php-security.org
httpOnly / archives/40-httpOnly-Cookies-in-Firefox-2.0.html SafeCache(Firefox插件) -http://www.safecache.com/的的
SafeHistory(Firefox插件) - http://www.safehistory。 COM /
PrefBar的(Firefox插件) - http://prefbar.mozdev.org/~~V
-in-One的边栏(Firefox插件) - https://addons.mozilla.org/en-US/firefox/addon / 1027 /
QArchive.org网页文件检查器(Firefox插件) - ,https://addons.mozilla.org/firefox/4115/
更新通知(Firefox插件) - https://addons.mozilla.org/en -US/firefox/addon/2098 /
FireKeeper - http://firekeeper.mozdev.org/~~V
的Greasemonkey:XSS的恶意脚本检测- http://yehg.net/lab/#tools.greasemonkey
浏览器的隐私
TrackMeNot(Firefox插件) - https://addons.mozilla.org/firefox/3173/
隐私鸟- http://www.privacybird.com/
应用程序和协议模糊测试(随机的,而不是有针对性)
蒙塔- http://fuzzing.org/~~V
taof:艺术的起毛- http://sourceforge.net/projects/taof/
zzuf:多用途的fuzzer - http://sam.zoy.org/zzuf/
autodafé的行为软件酷刑- http://autodafe.sourceforge.net/
EFS和GPF的:进化模糊系统- http://www.appliedsec.com/resources.html
549
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
