Top Ten Web Site Vulnerability Scanner Tools

Source: Internet
Author: User
Tags: SQL injection

Web development has come a long way, but network security remains a constant topic: how can we make the network more secure, and how do we build a secure Web environment? Which security tools should we choose? We can test our own systems for vulnerabilities before the danger occurs. Here are 10 recommended web vulnerability scanners.

1. Nikto

This is an open source Web server scanner that can test a Web server for a wide range of items. Its scan items and plug-ins are updated frequently and can be updated automatically. Nikto is designed to test your Web server in as short a time as possible, so its activity is fairly obvious in the server's log files. If you want to experiment, it also supports Libwhisker's anti-IDS methods. Not every check identifies a security issue, although most do. Some checks are informational only: they look for items that are not security vulnerabilities but that web administrators or security engineers may not know about.

2. Paros Proxy

This is a Java-based Web proxy for evaluating Web application vulnerabilities. It supports on-the-fly editing and viewing of HTTP/HTTPS messages, so items such as cookies and form fields can be altered. It includes a Web traffic recorder, a Web spider, a hash calculator, and a scanner that can test for common Web application attacks.

3. WebScarab:

It analyzes applications that communicate using the HTTP and HTTPS protocols. In its simplest form, WebScarab records the conversations it observes and lets the operator review them in a variety of ways. If you need to observe the workings of an HTTP(S)-based application, WebScarab can meet your needs. It is a good tool for helping developers debug otherwise difficult problems, or for letting security professionals identify vulnerabilities.

4. WebInspect:

This is a powerful Web application scanner. This application security assessment tool from SPI Dynamics helps to identify known and unknown vulnerabilities in Web applications. It can also check whether a Web server is properly configured, and it will try some common web attacks, such as parameter injection, cross-site scripting, directory traversal, and so on.

5. Whisker/libwhisker:

Libwhisker is a Perl module suited to HTTP testing. It can test HTTP servers for many known security vulnerabilities, especially the presence of dangerous CGIs. Whisker is a scanner that uses Libwhisker.

6. Burpsuite:

This is an integrated platform that can be used to attack Web applications. The Burp suite allows an attacker to combine manual and automated techniques to enumerate, analyze, attack, or exploit vulnerabilities in Web applications. The various Burp tools work together and share information, so that a vulnerability discovered by one tool can form the basis for the work of another.

7. Wikto:

This is a Web server assessment tool that checks for vulnerabilities in Web servers. It provides many of the same features as Nikto but adds a number of interesting ones, such as a back-end miner and tight Google integration. It is written for the MS .NET environment, and users need to register to download the binaries and source code.

8. Acunetix Web Vulnerability Scanner:

This is a commercial Web vulnerability scanner that checks Web applications for vulnerabilities such as SQL injection, cross-site scripting, weak password strength on authentication pages, and so on. It has an easy-to-use graphical user interface and can create professional Web site security audit reports.

9. Watchfire AppScan:

This is also a commercial web vulnerability scanner. AppScan provides security testing throughout the application development lifecycle, which eases unit testing and security assurance early in development. It scans for a number of common vulnerabilities, such as cross-site scripting, HTTP response splitting, parameter tampering, hidden field manipulation, backdoor/debug options, buffer overflows, and so on.

10. N-stealth:

N-stealth is a commercial Web server security scanner. It is updated more frequently than some free web scanners, such as Whisker/libwhisker and Nikto. Also note that virtually all general-purpose VA tools, such as Nessus, ISS Internet Scanner, Retina, SAINT, and Sara, include web scanning components. N-stealth is provided primarily for Windows platforms, and no source code is provided.
