Best Opensource Tool available for Security Testing of Web applications



  • I'm on to an R & D task for testing the security vulnerabilities that can happen in a web application. I want to use an open source tool.

    There are many type of vulnerabilities like Cross Site Scripting, Denial of Service, File Access, Format Validation, Mass Assignment, SQL Injection, Session Setting, etc. So, I would like to have a best fit cross platform tool to do penetration testing in a best possible way.

    I've gone through Security testing of web application and Open source web security testing tools, and I found it useful. But, as it was posted a year ago, I would like to have an updated answer.



  • I have no experience with security testing of web-applications. But if you look at alternatives to Burp which Sam Woods mentions. Then w3af looks like a solid open-source alternative.

    w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.

    Alternativeto.net also lists some other open-source projects not mentioned in your linked lists.



Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2