Hi as part of the requirements of one of the websites I’m developing, I need to perform some security testing and make sure this site is not vulnerable to the threats listed in OWASP.
Any suggestions for automated software to conduct such testing? thanks
You could give WebScarab (part of OWASP project) a go:
http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
Or websecurify:
http://www.owasp.org/index.php/Source_Code_Analysis_Tools
All of these tools however are at best semiautomatic. So you either have to learn how to use yourself or hire somebody who knows about penetration testing and code security auditing.
Thanks, how do these compare to something like Acunetix Web Vulnerability Scanner, would the latter be more automated?
Yes Acunetix would be more automated.
Hey guys. Saw the thread
We offer full owsap+ scanning and malware detection monitoring
There is a free scan for everyone , once per URL
Just signup at www.sitesecuritymonitor.com
I hope no one considers this spamming. I just hate to see anyone try and do something this important by hand. Also acunetix is part of our tool belt so you get that plus
Cheers!
Jason