Security Testing Tools

1. This lightweight and easy-to-use network security testing tool can detect vulnerabilities related to TLS injection, SQL injection, MiTM attacks, and SSL certificate verification.

2. Developed by Google, it can be set up as a router, VPN server, or proxy.

3. Nogotofail works for Android, iOS, Linux, Windows, Chrome OS, OSX, in fact any device you use to connect to the Internet.

4. Nogotofail

4.1. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.

4.2. Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way.

5. Ironwasp

5.1. IronWASP (Iron Web Application Advanced Security testing Platform) is an open source tool used for web application vulnerability testing.

5.2. It is designed in such a way that users having the right knowledge can create their own scanners using this as a framework.

6. Few features of IronWasp

6.1. Its GUI based

6.2. Can generate reports in HTML as well as RTF formats

6.3. Built-in scripting engine that supports Python and Ruby

6.4. Extensible via plug-ins or modules in Python, Ruby, C#, or VB .NET

6.5. It is bundled with a number of modules built by independent security researchers such as WiHawk, IronSAP, CSRF PoC Generator, XMLChor, etc.

7. IronWASP tests for a number of vulnerabilities such as:

7.1. XSS (Cross Site Scripting)

7.2. CSRF (Cross Site Request Forgery)

7.3. Missing Function Level Access Control