웹 어플리케이션 취약점 점검 도구를 잘 정리해 놓았네요.
출처 : http://projects.webappsec.org
The following list of products and tools provide web application security scanner functionality. Note that the tools on this list are not being endorsed by the Web Application Security Consortium - any tool that provides web application security scanning functionality will be listed here. If you know of a tool that should be added to this list, please contact Brian Shura at bshura73@gmail.com.
Commercial Tools
- Acunetix WVS by Acunetix
- AppScan by IBM
- Burp Suite Professional by PortSwigger
- Hailstorm by Cenzic
- MileScan Web Security Auditor by MileSCAN Technologies
- N-Stalker by N-Stalker
- Nessus by Tenable Network Security
- NetSparker by Mavituna Security
- NeXpose by Rapid7
- NTOSpider by NTObjectives
- Retina Web Security Scanner by eEye Digital Security
- WebApp360 by nCircle
- WebInspect by HP
- WebKing by Parasoft
Software-as-a-Service Providers
- AppScan OnDemand by IBM
- ClickToSecure by Cenzic
- QualysGuard Web Application Scanning by Qualys
- Sentinel by WhiteHat
- Veracode Web Application Security by Veracode
- WebInspect by HP
- WebScanService by Elanize KG
Free / Open Source Tools
- Grabber by Romain Gaucher
- Grendel-Scan by David Byrne and Eric Duprey
- Paros by Chinotec
- Powerfuzzer by Marcin Kozlowski
- SecurityQA Toolbar by iSEC Partners
- W3AF by Andres Riancho
- Wapiti by Nicolas Surribas