Thursday 13th December 2018,
SQA²

Five Best Open Source Web Application Penetration Testing Frameworks

admin March 26, 2014 Resources No Comments
123rf-10914033_s

Penetration testing, sometimes known as vulnerability assessment, is the processes of identifying the security pitfalls in software, web applications, networks, and other communication systems. Overlooked security issues can cost thousands of dollars or completely crash the network. Penetration testing should be performed regularly to ensure the highest level of security of valuable information, money and customer data.

System security professionals use several enterprise and open source penetration frameworks. Here is a brief summary of the most popular open source web application penetration testing frameworks that help save money in the QA department and also help ensure security.

Metasploit

Metasploit is a popular framework available in three editions: professional, express and community. The community edition is free and open source with a set of robust penetration testing features such as web and command line interface, threat validation, network discovery, password auditing, social engineering and much more. Metasploit is available for Windows and Linux Platforms but keep in mind that it is resource intensive.  The program is extensible using several plug-ins.

w3af

w3af (Web Application audit and attack framework) is a popular and very powerful vulnerability assessment framework that can exploit more than 200 vulnerabilities. A newcomer in the penetration testing arena, it is one of Metasploit’s top competitors. It can detect PHP misconfigurations, XSS (cross site scripting), SQL injection, unhandled application exceptions and many other security issues. The program is also extensible using several plug-ins.

SUBGRAPH VEGA

VEGA is an amazing penetration testing framework yet is not as popular among QA professionals. This could be a result of its relatively low user base and support materials.  VEGA is cross-platform (platform independent) and written in Java. Currently it is available for all major operating systems, Windows, MAC OS X, and Linux. VEGA currently offers the following: XSS (Cross site scripting), SQL injection, directory traversal, URL injection, error detection, file upload errors and sensitive data recovery.

Websecurify

Websecurify is a veteran penetration tester that runs on Windows, MAC OS X and Linux and also runs on iOS and Android. It is simple to use and comes with good testing and scanning ability. There are a numbers plug-ins available for download.

Arachni

Arachni is the newest entry to the penetration testing market. Although only available on the Linux Platform, major updates are in the works. Arachni was developed with RubyMine and comes with an amazing web interface and distributed performance feature.

Like this Article? Share it!

About The Author

Comments are closed.