Web Application Security
Tools
This page lists a number of tools related to Web Application Security, organised by category.
Training
| Tool | Description |
|---|---|
| WebGoat | J2EE training application, produced and distributed by OWASP |
| Mutillidae | PHP training application, with a set of scripts that implement the OWASP Top 10 |
Web Application Scanners
| Tool | Description |
|---|---|
| Skipfish | Tool developed by Google for finding vulnerabilities in web applications |
| Webscarab | Tool developed by OWASP for testing the vulnerabilities identified in the OWASP Top 10 |
| w3af | w3af is a Web Application Attack and Audit Framework. |
| Nikto | Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6100 potentially dangerous files/CGIs, checks for outdated versions of over 950 servers, and version-specific problems on over 260 servers. It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. |
| Joomscan | Tool developed by OWASP for finding vulnerabilities in web applications built on the Joomla CMS |
| WebSecurify | Automatically identifies web application vulnerabilities by using advanced discovery and fuzzing technologies. |
| Burp Suite Professional | Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, upstream proxies, logging, alerting and extensibility. |
| HP WebInspect software | HP WebInspect performs web application security testing and assessment for today's complex web applications, built on emerging Web 2.0 technologies. HP WebInspect delivers fast scanning capabilities, broad security assessment coverage and accurate web application security scanning results. HP WebInspect identifies security vulnerabilities that are undetectable by traditional scanners. With innovative assessment technology, such as simultaneous crawl and audit (SCA) and concurrent application scanning, you get fast and accurate automated web application security testing and web services security testing. |
Integrated Suites
| Tool | Description |
|---|---|
| BackTrack Linux | BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. |
| Samurai Web Testing Framework | The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. |
| OWASP Live CD | Project developed by OWASP that bundles a set of open-source security applications for carrying out security testing of web applications. |
| Ubuntu Pentest Edition | Ubuntu Linux distribution with a set of tools prepared for carrying out penetration tests. |