Appendix A: Testing Tools

Open Source
SQLmap Achilles Proxy Odysseus Proxy Webstretch Proxy Absinthe 1.1 (formerly SQLSqueal) NGS SQL Injection Inference Tool (BH Europe 2005) Internet Explorer HTMLBar Plugin Firefox LiveHTTPHeaders and Developer Tools Sensepost Wikto (Google cached fault-finding) Foundstone Sitedigger (Google cached fault-finding)

Commercial
AppSecInc AppDetective for Web Apps Cenzic Hailstorm NT Objectives NTOSpider Acunetix Web Vulnerability Scanner 2 Compuware DevPartner Fault Simulator Fortify Pen Testing Team Tool @stake Web Proxy 2.0 Burp Intruder Sandsprite Web Sleuth MaxPatrol 7 Syhunt Sandcat Scanner & Miner TrustSecurityConsulting HTTPExplorer Ecyware BlueGreen Inspector NGS Typhon Parasoft WebKing (more QA-type tool)

Requirements Management
OWASP Testing Guide Table of Contents