Nowadays, security of personal and corporate data plays an important role. And a huge attention is paid to thorough penetration testing, security testing, access control testing, etc. To check whether the system is protected from various attacks requires particular resources and means.
A huge amount of open-source tools for security testing is available now. They have different functional and capacities and the test team is able to choose a proper tool that will meet all system requirements. Some tools are used for web app security testing, others – for mobile testing.
What Are the Security Testing Tools?
- OpenVAS – a suite for vulnerability scanning. It has a web-based dashboard to easily track the issues. There is online OpenVAS scanner.
- Nikto – a tool for web server testing. It detects configuration issues, vulnerable scripts, etc. But it will not discover SQL and XSS bugs.
- Nmap – a port scanning tool for mapping networks and ports. Misconfiguration and vulnerabilities are detected by NSE scripts.
- OSSEC – HIDS (host based instruction detection system) that deals with security and operations issues. It ensures the monitoring of all aspects of Unix system activity with file integrity monitoring, log monitoring, rootcheck, and process monitoring.
- OpenSSH – a tool for checking the traffic by tunneling insecure protocols through SSH protocol. It encrypts the traffic to remove connection hijacking, eavesdropping and other malicious attacks.
- Security Onion – for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools.
- Wireshark – a network protocol analyzer. It provides the detailed reviewing of the traffic. It runs on Windows, Linux, FreeBSD or OSX based systems.