Security Tools

Product Name

Description

Purpose

Com/Open Source

find_sec_bugs

Scans source code for vulnerable code, Has the abilty to integrate into developer machine. Effective with Java

SAST

Open Source

Yes

A SASS based source code review platform. Its free for open source projects. Can do both Java and javascript

SAST

Free

Yes

OWASP Zap proxy

This is the best we have and we should use the ZAP and automate all tests

DAST

Open Source

Yes

MS Baseline security Analyzer

In case we use a windows infrastructure then this tool is usefull.

Hardening

Free

Open Scap

We will need to create a custom profile and should be able to scan for hardened OS

Hardening

Free

Yes

Open Scap

Docker scanning

Docker scan

Free

Yes

Nessus Vulnerability Scanner

Vulnerability Scanning

Commercial

Kali linux

OS with all the necessary tools to perform a pentest. This would be a lab setup and would be used as part of UAT testing

Penetration Testing

Open Source

Skipfish

Hacking tool set from google.

DAST

Open Source

Burp suite

A web proxy used for penetration testing of web applications

DAST

Commercial

Courtesy : Sasikumar Ganesan

PreviousRegistration Client Developer Documentation NextTesting

Last updated 2 years ago