Web application security testing can be challenging. Luckily, creative and dedicated testers have invented many tricks by now, such as fuzzers. What are security fuzzers? They are fuzz testing tools designed to feed various random data into the app's parameters. For web testing, the tools should be aimed at parameter format checks, buffer overflows, and error and encoding management. The POST and GET methods are commonly used for such tests; however, there are no strict limitations, and you are free to use whatever your server supports. Here is a handy list of tools that may and will assist you in fuzz testing your web application security.
- WebScarab is a nice framework designed for analyzing apps that communicate via the HTTPS and HTTP protocols. Since the framework is written in Java, it is easily portable to many different platforms. There are also multiple plugins one may easily use for various operation modes. WebScarab's parameter fuzzer automatically substitutes parameter values, so incomplete parameter validation is exposed.
- ASP Auditor does great with ASP.NET apps. This tool seeks out information leaks and common misconfigurations.
- Wapiti is great at auditing your web app's security. Its black-box scans deliver results on the places that are weak to various data injections. And the results come from someone who has never seen the source code, which is extra nice.
- AppScan will scan as well as test for all common web app vulnerabilities, WASC threats included.
- Burp Suite is, as you have probably guessed from the name, a suite of various web security test tools.
- Codenomicon Defensics is a tool from a team that discovered Heartbleed. Defensics modules are available for more than 270 different network protocols, interfaces, file formats, etc. Among the tool's other positives are nice actionable reports and easy remediation paths.
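
The parameter substitution described above, as an added example that is not from the original post or from any of the listed tools. The handler, parameter names and fuzz values are constructed for illustration, and everything runs in-process against your own code with no network traffic.

```python
# Added example: in-process parameter fuzzer; handler and inputs are constructed.
from urllib.parse import parse_qs, urlencode

def handle_request(query: str) -> int:
    """Constructed toy handler with incomplete validation; returns an HTTP-style status."""
    params = parse_qs(query, keep_blank_values=True)
    name = params.get("name", [""])[0]
    qty = params.get("qty", [""])[0]
    if not name:
        return 400                     # validated: an empty name is rejected
    quantity = int(qty)                # not validated: non-numeric input raises ValueError
    name.encode("ascii")               # not validated: non-ASCII raises UnicodeEncodeError
    return 200 if quantity > 0 else 400

# Substitution values grouped by the check they exercise.
FUZZ_VALUES = {
    "format":   ["", "abc", "-1", "1.5", "1e3"],
    "length":   ["A" * 10_000],
    "encoding": ["caf\u00e9", "%00", "\u202e"],
}

def fuzz(handler, baseline: dict) -> list:
    """Replace one parameter at a time; record inputs the handler fails to reject cleanly."""
    findings = []
    for param in baseline:
        for category, values in FUZZ_VALUES.items():
            for value in values:
                query = urlencode({**baseline, param: value})
                try:
                    status = handler(query)
                except Exception as exc:   # an unhandled exception would surface as a 500
                    findings.append((param, category, type(exc).__name__))
                    continue
                if status >= 500:
                    findings.append((param, category, f"status {status}"))
    return findings

def summarize(findings: list) -> set:
    """Collapse findings to distinct (parameter, error) pairs for triage."""
    return {(param, error) for param, _category, error in findings}

if __name__ == "__main__":
    for finding in fuzz(handle_request, {"name": "alice", "qty": "2"}):
        print(finding)
```

Each finding names the parameter and the category of value that got past validation, which is the place to add an explicit check and a clean 400 response.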
Hope you will enjoy testing even more with these bad boys!
Image by Hasbro Studios and DHX Media Vancouver