Spike
http://www.immunityinc.com/
When you need to analyze a new network protocol for buffer overflows or similar weaknesses, the SPIKE is the tool of choice for professionals. While it requires a strong knowledge of C to use, it produces results second to none in the field. SPIKE is available for the Linux platform only.
SPIKE proXy
SPIKE proXy is part of the SPIKE Application Testing Suite,
It functions as an HTTP and HTTPS proxy, and allows the web developer
or web application auditor low level access to the entire web application
interface, while also providing a bevy of automated tools and techniques
for discovering common problems. These automated tools include:
- Automated SQL Injection Detection
- Web Site Crawling (guaranteed not to crawl sites other than
the one being tested)
- Login form brute forcing
- Automated overflow detection
- Automated directory traversal detection
In addition to automated analysis, SPIKE proXy allows the user to
analyse the internals of the web application by viewing and changing
all variables, cookies, headers, or other parts of the request and
resubmit them. Also, a single installation can be shared by multiple users.
WebProxy
wwww.atstake.com
http://www.symantec.com/business/index.jsp
WebInspect
http://hp-webinspect.software.informer.com/
HP WebInspect software is web application security assessment software designed to thoroughly analyze today's complex web applications. It delivers fast scanning capabilities, broad assessment coverage and accurate web application scanning results.
1026
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
