Security Tools Comparison

Several automated tools are available that scan web applications to look for known security vulnerabilities such as Cross-site scripting, SQL Injection, Command Injection, Path Traversal and insecure server configuration. These scans are usually done from the outside. Scanning using such tools are usually the first step in any vulnerability analysis. This phase is commonly referred as Dynamic Application Security Testing, where the application is tested in its operating state.

Dynamic Application Security Testing can be combined with Static Application Security Testing (SAST), which invloves source code testing to find out vulnerabilites in design and construction flaws. Together, DAST and SAST look at both sides of an application to prune out potential vulnerabilities.

Some of the tools used are: