
Wednesday, 16 November 2011

Top IT Security Tools for Web Developers to Make Their Websites and Web Applications Secure


Most attacks on a website or web application can be prevented by the web developer exercising some caution during and after application development. Studies reveal that 70% of web sites have vulnerabilities that can lead to theft of valuable data or defacement. Some of the threats a web application might face are the following, among others:

1) Cross site scripting
2) SQL injection
3) Command injection
4) Cookie poisoning
5) Directory traversal or forceful browsing
6) Authentication hijacking
7) Zero day attack
8) Platform exploit
9) Log tampering

Most of these attacks can be prevented by some countermeasures. In this post I will discuss how to detect the common web vulnerabilities of your website after you have developed it, using some easy-to-use tools. Knowing these vulnerabilities will help you learn more about their remedies.

1) Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner is a tool designed to discover security holes in your web applications. It looks for multiple vulnerabilities including SQL injection, cross site scripting and weak passwords. The application can be used to scan for web and application vulnerabilities and to perform penetration testing against the identified issues. Mitigation suggestions are then provided for each weakness and can be used to increase the security of the web server or application being tested. It is easy to use, and a free edition is also available.
Download link  http://www.acunetix.com/
 
2) AppScan 

AppScan provides security testing throughout the application development lifecycle, easing unit testing and security assurance early in the development phase. AppScan scans for many common vulnerabilities, such as cross site scripting, HTTP response splitting, parameter tampering, hidden field manipulation, backdoors/debug options, buffer overflows and more. AppScan was merged into IBM's Rational division after IBM purchased its original developer (Watchfire) in 2007.
  
3) DirBuster 
DirBuster searches for hidden pages and directories on a web server. Sometimes developers leave a page accessible but unlinked; DirBuster is meant to find these potential vulnerabilities. It is a Java application developed by OWASP.

4) CookieDigger
CookieDigger helps identify weak cookie generation and insecure implementations of session management by web applications. The tool works by collecting and analyzing cookies issued by a web application for multiple users. It reports on the predictability and entropy of the cookie and on whether critical information, such as user name and password, is included in the cookie values.
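A simplified version of the checks described above (user name embedded in the cookie, character positions that never change across users, and sequential counters), as an added example for auditing your own application's session cookies; this is not CookieDigger's code, and the sample cookies are constructed for the example.

```python
import base64
import re

# Constructed sample: cookies issued to three users by a hypothetical application
# (no value here comes from a real site). Weak set: hex of the space-padded user
# name plus a per-login counter. Strong set: hand-written 128-bit stand-ins for random tokens.
WEAK_COOKIES = {
    "alice": "616c696365202020-1001",
    "bob": "626f622020202020-1002",
    "carol": "6361726f6c202020-1003",
}
STRONG_COOKIES = {
    "alice": "9f3c1a7e4b2d8c0e5a6f7d1b2c3e4f50",
    "bob": "0b1d2e3f4a5c6d7e8f9a0b1c2d3e4f5a",
    "carol": "7e2a9c4d1f6b0e3a8d5c2f0b9e4a7c63",
}

def leaks_username(cookie, username):
    """True if the user name appears in the cookie as plain text, base64 or hex."""
    encodings = {username,
                 base64.b64encode(username.encode()).decode(),
                 username.encode().hex()}
    return any(enc in cookie for enc in encodings)

def fixed_positions(values):
    """Count character positions identical in every sample: a position that never
    changes carries no entropy, so a high count means little of the token is unpredictable."""
    width = min(len(v) for v in values)
    return sum(1 for i in range(width) if len({v[i] for v in values}) == 1)

def looks_sequential(values):
    """True if each cookie ends in a decimal run that grows by a constant non-zero step."""
    nums = []
    for v in values:
        match = re.search(r"(\d+)$", v)
        if match is None:
            return False
        nums.append(int(match.group(1)))
    steps = {b - a for a, b in zip(nums, nums[1:])}
    return len(nums) > 1 and len(steps) == 1 and steps != {0}

def audit(cookies):
    """Summarise the findings for a {username: cookie} sample."""
    values = list(cookies.values())
    return {
        "fixed_positions": fixed_positions(values),
        "sequential": looks_sequential(values),
        "leaks_username": sorted(u for u, c in cookies.items() if leaks_username(c, u)),
    }
```

Run `audit(WEAK_COOKIES)` and `audit(STRONG_COOKIES)` to compare the two sets; a real audit would collect far more than three cookies per user before drawing conclusions about predictability.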

5) dotDefender
dotDefender is a web application security solution (a Web Application Firewall, or WAF) that offers strong, proactive security for your websites and web applications. It blocks attacks that manifest in HTTP request logic, such as SQL injection, proxy takeover, header tampering, etc., as well as other known attacks.

By- Sourav




02:42 by Chetan · 1

Thursday, 3 February 2011

A Formal Introduction to Reverse Engineering


 
When I was a kid I had the habit, or say the passion, of opening up machines and looking inside with deep enthusiasm at the parts and particles inside. Even the battery used in a torchlight couldn't escape. And in this process many a time I ended up mending some of my toy cars and breaking down our old radio, VCR, several watches and many more, and took some really memorable electric jolts. So before becoming nostalgic let me come to the topic, and here we go..

What is reverse Engineering?
Reverse engineering is often stated in EULAs (End User Licence Agreements) as being forbidden; however, it is rarely ever "defined" there. Reverse engineering is the process of extracting the knowledge or design blueprints from anything man-made, or sometimes natural. The concept of reversing has been around since long before computers or modern technology, and probably dates back to the days of the industrial revolution or maybe even before.
Like software engineering, software reverse engineering is a purely virtual process, involving only a CPU and human intelligence. Reverse engineering is about understanding how a proprietary piece of software works. Software reverse engineering integrates several arts: code breaking, puzzle solving, programming and logical analysis. All this makes reversing quite interesting. Try it and you will realize.
Uses
Generally, there are two categories of reverse engineering applications: security-related (both good and bad) and software development-related.

15:19 by Sourav · 0