What Are Some Popular Open Source Automated Security Testing Tools?
There are quite a few automated security testing tools in the market. Below are some popular free and open-source tools:
Vega is a web security scanner and testing platform created by Subgraph. Its graphical user interface makes it easy to use. Vega is written in Java and runs on Linux, OS X and Windows. It helps find and validate SQL injection, cross-site scripting, and exposed sensitive data. It also probes TLS/SSL security settings.
Zed Attack Proxy (ZAP)
Zed Attack Proxy (ZAP) is a multi-platform (Windows, Unix/Linux, Mac) open-source web application security testing tool. Developed by OWASP (Open Web Application Security Project), ZAP is an automated scanner. It can also be used as an intercepting proxy.
Wapiti by SourceForge helps in auditing the security of websites or web applications. It crawls the web pages looking for scripts or forms where it can inject data. It acts like a fuzzer, injecting payloads to see where a vulnerability exists.
Grendel Scan is by SourceForge and has an automated testing module for detecting vulnerabilities that commonly appear on web applications. It also supports manual penetration testing.
SQLMap is another open-source penetration testing tool. It is an automated tool that helps in detecting SQL injection vulnerabilities. It has a range of switches, from database fingerprinting to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
mitmproxy is an SSL-capable man-in-the-middle proxy for HTTP. Traffic flows can be inspected and edited in its console interface. It is also a multi-platform tool for use on Windows, Mac and Linux.
Of course, this is not a complete list of the popular free and open-source automated testing tools available in the market, but it gives a clear picture of the benefits and uses of cyber security automation tools.