Courtesy: Sasikumar Ganesan
Product Name | Description | Purpose | Com/Open Source | CI |
---|---|---|---|---|
find_sec_bugs | Scans source code for vulnerable code; has the ability to integrate into the developer machine. Effective with Java. | SAST | Open Source | Yes |
- | A SaaS-based source code review platform. It's free for open source projects. Can do both Java and JavaScript. | SAST | Free | Yes |
OWASP ZAP proxy | This is the best we have and we should use ZAP and automate all tests. | DAST | Open Source | Yes |
Microsoft Baseline Security Analyzer | In case we use a Windows infrastructure, this tool is useful. | Hardening | Free | No |
OpenSCAP | We will need to create a custom profile and should be able to scan for a hardened OS. | Hardening | Free | Yes |
OpenSCAP | Docker scanning | Docker scan | Free | Yes |
Nessus Vulnerability Scanner | Vulnerability scanning | Vulnerability Scanning | Commercial | No |
Kali Linux | OS with all the necessary tools to perform a pentest. This would be a lab setup and would be used as part of UAT testing. | Penetration Testing | Open Source | No |
Skipfish | Hacking tool set from Google. | DAST | Open Source | No |
Burp Suite | A web proxy used for penetration testing of web applications. | DAST | Commercial | No |