Security Tools

| Product Name | Description | Purpose | Com/Open Source | CI |
| --- | --- | --- | --- | --- |
| find_sec_bugs | Scans source code for vulnerable code. Can be integrated into the developer's machine. Effective with Java. | SAST | Open Source | Yes |
|  | A SaaS-based source code review platform. It is free for open source projects. Can do both Java and JavaScript. | SAST | Free | Yes |
| OWASP ZAP proxy | This is the best we have; we should use ZAP and automate all tests. | DAST | Open Source | Yes |
| MS Baseline Security Analyzer | Useful in case we use a Windows infrastructure. | Hardening | Free | No |
| OpenSCAP | We will need to create a custom profile, and should then be able to scan for a hardened OS. | Hardening | Free | Yes |
| OpenSCAP | Docker scanning | Docker scan | Free | Yes |
| Nessus Vulnerability Scanner | Vulnerability scanning | Vulnerability Scanning | Commercial | No |
| Kali Linux | OS with all the necessary tools to perform a pentest. This would be a lab setup and would be used as part of UAT testing. | Penetration Testing | Open Source | No |
| Skipfish | Web application security scanner from Google. | DAST | Open Source | No |
| Burp Suite | A web proxy used for penetration testing of web applications. | DAST | Commercial | No |

Courtesy : Sasikumar Ganesan
