Security

Web Security Tools

  • Skipfish is a fully automated, active web application security reconnaissance tool which tries to address some of the common problems associated with web security scanners.
  • Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.

Web Security Proxy Tools

  • Ratproxy detects security problems such as dynamic cross-site trust model considerations, script inclusion issues, content serving problems, insufficient XSRF and XSS defenses and more.
  • The OWASP WebScarab Project is a Java framework for analysing web apps using HTTP and HTTPS. WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept and review both HTTP and HTTPS communication.

OAuth2

Hardware Security Modules (HSM)

Software-based data encryption can be strengthened by using a hardware security module (HSM) such as one of the following.

Web Client Security Tools

  • DOM Snitch is a Chrome extension for validating client-side security.

Whitelisting

References