The security of a web application is very important. Nowadays there are many vulnerabilities that an attacker can easily find and exploit, so if you want to secure your web application you need to pen-test it yourself, find the vulnerabilities, and fix them before an attacker finds and exploits them.
There are many tools available for pen testing; you can use commercial as well as open source tools to do this:
- Sandcat – Web Application Security Scanner
- Wapiti – Web Application Vulnerability Scanner
- Netsparker – Free Web Application Security Scanner
- Websecurify – Website Security Testing Tool
- XSSer – Cross Site Scripting Penetration Tool
- Sqlmap – Automatic SQL Injection Tool
Besides these individual tools, there is a complete framework for web application testing, known as the Samurai Web Testing Framework.
The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.