
Published on December 19th, 2013 | by NJ Ouchn

2013 Top Security Tools as Voted by ToolsWatch.org Readers

Dear all,

I am honored to present the 2013 Top Security Tools as voted by users and readers. As you may have noticed, this vote was a little unusual: I intentionally omitted the usual pre-configured list so as not to limit people's choice, and to give them the opportunity to vote freely and in good conscience. Amazingly, it worked.

I also received an awesome entry: "My brain", with the comment "A tool is worthless unless you have a brain behind it :-)". It was from Kevin Mitnick (confirmed). Anyway, this one was good and absolutely true: tools only help you achieve what your brain is scheming and plotting.

In fact, I have just realized that the survey was such a good idea because I discovered new gems. It will therefore be a great opportunity to cover them in separate posts.

Enough talking; here are the 2013 Top 10 Security Tools as voted by ToolsWatch.org users and readers.

Top 10 – Best Security Tool of the year 2013

RANK 1

OWASP ZAP – Zed Attack Proxy Project

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Link >> https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

Testimonials

“Full of features, stable and actively maintained”

“Best intercepting proxy for doing web application pentesting. It’s free and has advanced functionality”

“My goto attack proxy application”

“Simply the best open-source application vulnerability scanner”

“Fuzzing and injection are simple and intuitive”

RANK 2

BeEF – The Browser Exploitation Framework Project

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

Link >> http://beefproject.com/

Testimonials

“BeEF really shines when it comes to demonstrating the possibilities of XSS to clients. It always blows them away!”

“Great tool for client-side and browser exploitation”

 

RANK 3

Burp Suite

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

Link >> http://portswigger.net/burp/

 

RANK 4

PEStudio

PeStudio is a free tool for the static investigation of any Windows executable binary. A file being analyzed with PeStudio is never launched, so you can evaluate unknown executables, and even malware, without the risk of running them. PeStudio runs on any Windows platform and is fully portable: no installation is required, and it neither changes the system nor leaves anything behind.

Link >> http://www.winitor.com/
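To make the "parse, never execute" idea concrete, here is an added example of the kind of static triage such a tool performs, written for this page and not taken from PeStudio. It reads the PE/COFF headers and section table from raw bytes, computes per-section entropy, and reports indicators a reviewer wants before deciding whether a sample may be run at all. The sample image (build_sample_pe), the section-name whitelist and the 7.0 bits/byte entropy threshold are assumptions constructed for the example; the field offsets follow the PE/COFF specification.

```python
"""Static triage of a Windows PE image without ever launching it (added example)."""
import math
import struct
from collections import Counter

# Section characteristic flags (PE/COFF spec, IMAGE_SECTION_HEADER.Characteristics).
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Section names emitted by common linkers (assumption); anything else deserves a look.
KNOWN_SECTION_NAMES = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                       ".rsrc", ".reloc", ".pdata", ".tls", ".CRT"}
# Rule-of-thumb threshold (assumption): near 8 bits/byte means compressed or encrypted content.
HIGH_ENTROPY = 7.0


def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_pe(data: bytes) -> dict:
    """Parse DOS header, COFF file header, entry point and section table; nothing is executed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]             # 0x10B = PE32, 0x20B = PE32+
    entry_point = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint (RVA)
    sections = []
    for i in range(nsections):
        off = opt + opt_size + i * 40
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": vaddr,
            "raw_size": rawsize, "raw_pointer": rawptr, "characteristics": flags,
            "entropy": shannon_entropy(data[rawptr:rawptr + rawsize]),
        })
    return {"machine": machine, "pe32plus": magic == 0x20B, "characteristics": chars,
            "entry_point": entry_point, "sections": sections}


def section_containing(pe: dict, rva: int):
    """Return the section whose virtual range covers rva, or None."""
    for s in pe["sections"]:
        if s["virtual_address"] <= rva < s["virtual_address"] + max(s["virtual_size"], s["raw_size"]):
            return s
    return None


def triage(pe: dict) -> list:
    """Heuristic indicators of packing or tampering, derived purely from the headers."""
    findings = []
    for s in pe["sections"]:
        f = s["characteristics"]
        if f & IMAGE_SCN_MEM_WRITE and f & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"{s['name']}: writable and executable (self-modifying code or packer stub)")
        if s["raw_size"] == 0 and s["virtual_size"] > 0 and f & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"{s['name']}: no raw data but {s['virtual_size']:#x} executable bytes virtual (unpacked at runtime)")
        if s["entropy"] > HIGH_ENTROPY:
            findings.append(f"{s['name']}: entropy {s['entropy']:.2f} bits/byte (likely packed or encrypted)")
        if s["name"] not in KNOWN_SECTION_NAMES:
            findings.append(f"{s['name']}: non-standard section name")
    ep = pe["entry_point"]
    home = section_containing(pe, ep)
    if home is None:
        findings.append(f"entry point {ep:#x} lies outside every section")
    elif not home["characteristics"] & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE):
        findings.append(f"entry point {ep:#x} in non-executable section {home['name']}")
    return findings


def build_sample_pe() -> bytes:
    """Constructed sample: PE32 with a clean .text and two UPX-style sections.
    It is only bytes for the parser, not a valid program, and is never run."""
    def section(name, vsize, vaddr, rawsize, rawptr, flags):
        return struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                           vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, flags)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                           # e_lfanew: PE header follows the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0xE0, 0x0102)  # i386, 3 sections, PE32 optional header
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                             # PE32 magic
    struct.pack_into("<I", opt, 16, 0x5010)                           # entry point inside UPX1
    rx_code = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
    rwx = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt)
               + section(".text", 0x200, 0x1000, 0x200, 0x200, rx_code)
               + section("UPX0", 0x3000, 0x2000, 0, 0, rwx)
               + section("UPX1", 0x200, 0x5000, 0x200, 0x400, rwx)).ljust(0x200, b"\0")
    text = bytes([0x55, 0x8B, 0xEC, 0x33, 0xC0, 0x5D, 0xC3]).ljust(0x200, b"\0")  # tiny stub plus padding
    packed = bytes(range(256)) * 2                                    # uniform bytes: entropy exactly 8.0
    return headers + text + packed


if __name__ == "__main__":
    for finding in triage(parse_pe(build_sample_pe())):
        print(finding)
```

On the constructed sample the clean .text section produces no finding, while UPX0 and UPX1 are each flagged three times (writable and executable, virtual-only or high-entropy content, non-standard name). Run against a real file, replace build_sample_pe() with the file's bytes; the parser still never passes control to them.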

 

RANK 5

OWASP Xenotix

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It advertises zero-false-positive scan results thanks to its triple browser engine (Trident, WebKit and Gecko) embedded scanner, and is claimed to carry the world’s second largest collection of XSS payloads, about 1500+ distinct payloads for XSS detection and WAF bypass. It incorporates a feature-rich information gathering module for target reconnaissance, and the exploit framework includes highly offensive XSS exploitation modules for penetration testing and proof-of-concept creation.

Link >> http://opensecurity.in/owasp-xenotix-xss-exploit-framework-v4-5-relesed/

 

RANK 6

Lynis The Hardening Unix Tool

Lynis is a security tool to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks, looks for installed software and determines compliance with standards. It also detects security issues and configuration errors. At the end of the scan it provides warnings and suggestions to help you improve the security defenses of your systems.

Link >> http://cisofy.com/lynis/

 

RANK 7

Recon-NG The Web Reconnaissance Framework

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.

Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-based open source reconnaissance. If you want to exploit, use the Metasploit Framework. If you want to social engineer, use the Social Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng! See the Usage Guide for more information.

Link >> https://bitbucket.org/LaNMaSteR53/recon-ng

 

RANK 8

Suricata The Network IDS/IPS

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. It is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.

Link >> http://suricata-ids.org/

 

RANK 9

WPScan WordPress Security Tool

WPScan is a black box WordPress security scanner written in Ruby which attempts to find known security weaknesses within WordPress installations. It is intended for security professionals or WordPress administrators to assess the security posture of their WordPress installations.

Link >> http://wpscan.org/

 

RANK 10

O-SAFT OWASP SSL Advanced Forensic Tool

This tool lists information about a remote target’s SSL certificate and tests the remote target’s SSL connection according to a given list of ciphers and various SSL configurations.

  • show SSL connection details
  • show certificate details
  • check for supported ciphers
  • check for ciphers provided in your own libssl.so and libcrypto.so
  • check for special HTTP(S) support (like SNI, HSTS, certificate pinning)
  • check for protections against attacks (BEAST, CRIME, RC4 Bias, …)
  • may check for a single attribute
  • may check multiple targets at once
  • can be scripted (headless or as CGI)
  • should work on any platform (just needs perl, openssl optional)
  • scoring for all checks (still to be improved in many ways ;-)
  • output format can be customized
  • various trace and debug options to hunt unusual connection problems

Link >> https://www.owasp.org/index.php/O-Saft
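Several of the checks listed above (HSTS support, BEAST, CRIME, RC4 bias) are decisions over facts a scanner collects during the handshake and the first HTTP response. The following added example, written for this page and not O-Saft's Perl code, shows that decision logic over a constructed connection snapshot instead of a live server, so it can be read and tested offline. The snapshot format (offered protocol names, accepted cipher suites in OpenSSL naming, TLS compression flag, response headers), the 180-day HSTS max-age threshold and the CBC-detection heuristic are assumptions of the example.

```python
"""O-Saft-style TLS/HSTS checks over an offline connection snapshot (added example)."""

# Assumption: treat an HSTS max-age shorter than 180 days as too short to be useful.
HSTS_MIN_MAX_AGE = 180 * 24 * 3600
# In OpenSSL suite names, a suite is CBC unless it names an AEAD mode or the RC4 stream cipher.
NON_CBC_MARKERS = ("GCM", "CCM", "CHACHA20", "RC4")


def parse_hsts(value: str) -> dict:
    """Split a Strict-Transport-Security value into lower-cased directives (RFC 6797, 6.1).
    Valueless directives such as includeSubDomains map to an empty string."""
    directives = {}
    for token in value.split(";"):
        token = token.strip()
        if not token:
            continue
        name, _, val = token.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"')
    return directives


def is_cbc(openssl_name: str) -> bool:
    """Heuristic on OpenSSL cipher names: CBC unless an AEAD mode or RC4 is named."""
    upper = openssl_name.upper()
    return not any(marker in upper for marker in NON_CBC_MARKERS)


def assess(snapshot: dict) -> list:
    """Return human-readable findings for one target; an empty list means all checks passed."""
    findings = []
    protocols = set(snapshot["protocols"])
    ciphers = snapshot["ciphers"]
    # HTTP header names are case-insensitive, so normalise before lookup.
    headers = {k.lower(): v for k, v in snapshot["headers"].items()}

    for old in ("SSLv2", "SSLv3"):
        if old in protocols:
            findings.append(f"{old} offered")
    if any("RC4" in c.upper() for c in ciphers):
        findings.append("RC4 accepted (RC4 keystream biases)")
    # BEAST needs a CBC suite under TLS 1.0 (or SSLv3); TLS 1.1+ uses explicit IVs.
    if (protocols & {"SSLv3", "TLSv1"}) and any(is_cbc(c) for c in ciphers):
        findings.append("TLS 1.0 or SSLv3 with CBC ciphers (BEAST)")
    if snapshot.get("compression"):
        findings.append("TLS compression enabled (CRIME)")

    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("no Strict-Transport-Security header")
    else:
        directives = parse_hsts(hsts)
        try:
            max_age = int(directives["max-age"])
        except (KeyError, ValueError):
            findings.append("HSTS max-age missing or malformed")
        else:
            if max_age < HSTS_MIN_MAX_AGE:
                findings.append(f"HSTS max-age {max_age} below {HSTS_MIN_MAX_AGE}")
        if "includesubdomains" not in directives:
            findings.append("HSTS without includeSubDomains")
    return findings


# Constructed snapshots standing in for what a scanner would record from a live target.
WEAK_SNAPSHOT = {
    "protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"],
    "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA", "RC4-SHA", "DES-CBC3-SHA"],
    "compression": True,
    "headers": {"Strict-Transport-Security": "max-age=3600"},
}
HARDENED_SNAPSHOT = {
    "protocols": ["TLSv1.2"],
    "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384"],
    "compression": False,
    "headers": {"strict-transport-security": "max-age=31536000; includeSubDomains; preload"},
}

if __name__ == "__main__":
    for label, snap in (("weak", WEAK_SNAPSHOT), ("hardened", HARDENED_SNAPSHOT)):
        print(label, assess(snap) or "no findings")
```

The weak snapshot yields five findings (RC4, BEAST, CRIME, a one-hour HSTS max-age, missing includeSubDomains) and the hardened one none. In a real scanner the snapshot would be filled from the handshake results rather than typed in, which is exactly the part O-Saft automates.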

Other security tools that entered the contest and were voted for by a few users (no particular order)

About the Author

Principal Founder & Maintainer - Freelance ICS/SCADA Security Expert. As part of my research, I'm focusing on maintaining many projects such as DPE (Default Password Enumeration), vFeed® the open source correlated & cross-linked vulnerability database, and FireCAT the Firefox Catalog of Auditing exTensions. Today, I'm the co-organizer of the major event Blackhat Arsenal Tools (US and Europe) since 2011 and, since 2014, co-organizer of Rooted Warfare in Spain. I go by the handle @toolswatch on Twitter and am always willing to help, share and drink with friends from far and wide.



19 Responses to 2013 Top Security Tools as Voted by ToolsWatch.org Readers

  2. Samantha Groves says:

    Well done, OWASP!

  4. Bruce says:

    Owasp really do have amazing tools – I love zaproxy for its ease of use and regular updates.

  8. clh says:

    most interesting and very topical site keep up the good work
