Recently I have started learning to use some security tools, and I have installed quite a few of them on bt4.
Test sites / testing grounds
HTTP proxying / editing
RSnake's XSS cheat sheet based tools, webapp fuzzing, and encoding tools
HTTP general testing / fingerprinting
Browser-based HTTP tampering / editing / replaying
Cookie editing / poisoning
Ajax and XHR scanning
RSS extensions and caching
SQL injection scanning
Web application security malware, backdoors, and evil code
Web application services that aid in web application security assessment
Browser-based security fuzzing / checking
PHP static analysis and file inclusion scanning
PHP Defensive Tools
PHP-Login-Info-Checker - Strictly enforces that admins/users select stronger passwords. It tests passwords against 4 cracking rules. It also has a built-in smoke test page, reachable via the URL loginfo_checker.php?testlic
http://yehg.net/lab/pr0js/files.php/loginfo_checkerv0.1.zip
http://yehg.net/lab/pr0js/files.php/phploginfo_checker_demo.zip
Web Application Firewall (WAF) and Intrusion Detection (APIDS) rules and resources
Web services enumeration / scanning / fuzzing
Web application non-specific static source-code analysis
Static analysis for C/C++ (CGI, ISAPI, etc) in web applications
Java static analysis, security frameworks, and web application security tools
Microsoft .NET static analysis and security framework tools, mostly for ASP.NET and ASP.NET AJAX, but also C# and VB.NET
Visual Studio 2008 Code Analysis, available in:
Visual Studio 2005 Code Analyzer, available in:
FxCop:
Microsoft internal tools you can't have yet:
http://www.microsoft.com/windows/cse/pa_projects.mspx
http://research.microsoft.com/Pex/
http://www.owasp.org/images/5/5b/OWASP_IL_7_FuzzGuru.pdf
Threat modeling
Add-ons for Firefox that help with general web application security
Add-ons for Firefox that help with Javascript and Ajax web application security
Bookmarklets that aid in web application security
SSL certificate checking / scanning
Honeyclients, Web Application, and Web Proxy honeypots
Blackhat SEO and maybe some whitehat SEO
Footprinting for web application security
Database security assessment
Browser Defenses
Browser Privacy
Application and protocol fuzzing (random instead of targeted)