Ini daftar web site untuk kebutuhan security atau keamanan web
Free Dynamic Web Application Security Scanners
Burp Scanner http://www.portswigger.net
Paros Proxy http://www.parosproxy.org
OWASP WebScarab http://www.owasp.org
Grabber http://rgaucher.info/beta/grabber/
Nikto http://www.cirt.net/nikto2
ratproxy http://code.google.com/p/ratproxy/
w3af http://w3af.sourceforge.net/
skipfi sh http://code.google.com/p/skipfi sh/
Netsparker http://www.mavitunasecurity.com/netsparker/
Browser DOM Checker http://code.google.com/p/dom-checker/
Commercial Dynamic Web Application Security Scanners
Acunetix Web Vulnerability Scanner http://www.acunetix.com
Cenzic Hailstorm http://www.cenzic.com
Syhunt Sandcat Scanner http://www.syhunt.com/?n=Sandcat.Sandcat
HP WebInspect https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201-200^9570_4000_100__
IBM AppScan http://www-01.ibm.com/software/awdtools/appscan/
NTObjectives NTOSpider http://www.ntobjectives.com
Sample Web Applications for Security Testing
Gruyere (live) http://google-gruyere.appspot.com/
FreeBank Online (live) http://zero.webappsecurity.com/
Crack Me Bank (live) http://crackme.cenzic.com/
AltoroMutual (live) http://demo.testfi re.net/
Acunetix Acublog http://testaspnet.vulnweb.com (registration required)
Hacme Travel http://www.foundstone.com/us/resources/proddesc/hacmetravel.htm
Hacme Bank http://www.foundstone.com/us/resources/proddesc/hacmebank.htm
Hacme Shipping http://www.foundstone.com/us/resources/proddesc/hacmeshipping.htm
Hacme Casino http://www.foundstone.com/us/resources/proddesc/hacmecasino.htm
Hacme Books http://www.foundstone.com/us/resources/proddesc/hacmebooks.htm
SecuriBench http://suif.stanford.edu/~livshits/securibench/
SecuriBench Micro http://suif.stanford.edu/~livshits/work/securibench-micro/
OWASP WebGoat http://www.owasp.org/index.php/OWASP_WebGoat_Project
Command-line Tools
cURL http://curl.haxx.se/
Netcat http://netcat.sourceforge.net/
OpenSSL http://www.openssl.org/
Stunnel http://www.stunnel.org/
Crawling Tools
Wget http://www.gnu.org/software/wget/
crawler4j http://code.google.com/p/crawler4j/
HTTrack http://www.httrack.com/
Code Analysis Tools
Java Decompiler http://java.decompiler.free.fr/
JAD http://www.varaneckas.com/jad
Armorize CodeSecure http://www.armorize.com/
Checkmarx CxSuite http://www.checkmarx.com/
Fortify 360 http://www.fortify.com/
Veracode http://www.veracode.com/
Splint http://www.splint.org/
Valgrind http://www.valgrind.org/
Flawfi nder http://www.dwheeler.com/fl awfi nder/
RATS http://www.fortify.com/security-resources/rats.jsp
FXCop http://msdn.microsoft.com/en-us/library/bb429476(VS.80).aspx
ITS4 http://www.cigital.com/its4/
PREfast http://msdn.microsoft.com/en-us/library/ms933794.aspx
OunceLabs Ounce http://www.ouncelabs.com/
Coverity Static Analysis http://www.coverity.com/products/static-analysis.html
OWASP Orizon http://www.owasp.org/index.php/Category:OWASP_
Orizon_Project FindBugs http://fi ndbugs.sourceforge.net/
Jlint http://jlint.sourceforge.net/
CAT.NET http://www.microsoft.com/downloads/details.aspx?FamilyId=0178e2ef-9da8-445e-9348-
c93f24cc9f9d&displaylang=en
Red Gate.NET Reflector http://www.red-gate.com/products/refl ector/
Binary Analysis
Open Reverse Code Engineering(OpenRCE) http://www.openrce.org
OllyDbg http://www.ollydbg.de
IDA Pro http://www.datarescue.com
WinDbg http://www.microsoft.com/whdc/devtools/debugging/default.mspx
Profi ling Tools Httprint http://net-square.com/httprint/
SiteDigger http://www.foundstone.com/us/resources/proddesc/sitedigger.htm
Wayback Machine http://web.archive.org
GoogleDiggity http://www.stachliu.com
BingDiggity http://www.stachliu.com
Maltego http://www.paterva.com
Shodan http://www.shodanhq.com/
No comments:
Post a Comment