Appendix A: Testing Tools

OWASP Pantera

 * SPIKE - http://www.immunitysec.com
 * Paros - http://www.proofsecure.com
 * Burp Proxy - http://www.portswigger.net
 * SQLmap
 * Achilles Proxy
 * Odysseus Proxy
 * Webstretch Proxy
 * Absinthe 1.1 (formerly SQLSqueal)
 * NGS SQL Injection Inference Tool (BH Europe 2005)
 * Internet Explorer HTMLBar Plugin
 * Firefox LiveHTTPHeaders and Developer Tools
 * Sensepost Wikto (Google cached fault-finding)
 * Foundstone Sitedigger (Google cached fault-finding)

Commercial
 * AppSecInc AppDetective for Web Apps
 * Cenzic Hailstorm
 * NT Objectives NTOSpider
 * Acunetix Web Vulnerability Scanner 2
 * Compuware DevPartner Fault Simulator
 * Fortify Pen Testing Team Tool
 * @stake Web Proxy 2.0
 * Burp Intruder
 * Sandsprite Web Sleuth
 * MaxPatrol 7
 * Syhunt Sandcat Scanner & Miner
 * TrustSecurityConsulting HTTPExplorer
 * Ecyware BlueGreen Inspector
 * NGS Typhon
 * Parasoft WebKing (more QA-type tool)