(Page 1 of 3)   1 2 3  Next >

Category: Authentication » Web

Added 2008-11-03
by Andres Riancho
w3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

IIS Secure Parameter Filter (SPF)
Added 2008-08-22
by Brian Holyfield / Gotham Digital Science
SPF is an application security module designed for Microsoft IIS web servers. SPF uses cryptography to dynamically secure embedded application parameters at runtime (Query String Values, Form Inputs & Cookies). SPF does not require any changes to the underlying application code and provides instant protection against parameter tampering, URL manipulation and replay attacks. SPF also includes the capability to define forbidden input patterns (Black-Lists) using regular expressions to block known attack signatures.

BeEF - Browser Exploitation Framework
Added 2007-07-23
by Wade Alcorn
BeEF is the browser exploitation framework. A professional tool to demonstrate the real-time impact of XSS browser vulnerabilities. Development has focused on creating a modular structure making new module development a trivial process with the intelligence residing within BeEF. Current modules include the first public Inter-protocol Exploit, a traditional browser overflow exploit, port scanning, keylogging, clipboard theft and more.

Added 2006-04-28
by Infinitrust Private Limited
This is a public key based authentication model that works by verifying whether the user is in posession of his private key. The user should have Keygloo installed in his system for authenticating himself into any Keygloo enabled web application. During login time, the user will be thrown a challenge password encrypted using his public key. The user can decrypt the password by clicking a 'Decrypt' button which appears in his toolbar after installing Keygloo. The decrypted password is submitted to the Keygloo enabled application by clicking a 'submit' button on the page. The Keygloo enabled applcation then authenticates the user into the system by comparing the decrypted password with the original challenge password. A demonstration of how the model works can be found at http://www.keygloo.com/Authentication/auth_kgnum.html. Keygloo is free to download and install from http://www.keygloo.com/Downloads.htm.

Added 2006-02-04
by nmonkee
BobCat is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It is based on a tool named "Data Thief" that was published as PoC by appsecinc. BobCat can exploit SQL injection bugs/opportunities in web applications, independent of language, but dependent on MS SQL as the back end DB.

Acunetix Web Vulnerability Scanner
Added 2006-01-09
by Acunetix Ltd
Audit your website security: Acunetix Web Vulnerability Scanner checks your web applications (shopping carts, forms, dynamic content, etc.) for vulnerabilities to SQL injection, Cross site scripting & other web attacks. Hackers are concentrating their efforts on websites: 75% of cyber attacks are launched on web applications! Scan your web site today and find vulnerabilities before hackers do!

Added 2005-12-15
by Emmanouel Kellinis
JProbe will check remotely for supported cipher suites on a webserver. It will also check for redirections in case a cipher is supported but the client is then directed to a "not valid cipher" page. JProbe also will export the results to an HTML page. (Additionally you can set cookies)

Added 2005-12-02
by pak76
Thor is Internet Explorer driven tool for manual web application testing. Both security professionals and testers found it useful while testing web applications. You can control (intercept and change) what web forms submit to web servers, see the source code of the page and/or manipulate cookies. It supports frames and, if required, it is possible to use HttpWebRequest instead of IE navigation. Built for .NET Framework 2.0 and, as it uses IE COM control, it requires FullTrust. Sorry, no proper web page or manual yet, but give me a shout if you need more information... pak76

Added 2005-11-03
by Michael Hendrickx, CISSP
LiLith is a tool written in Perl to audit web applications. This tool analyses webpages and looks for html <form> tags , which often refer to dynamic pages that might be subject to sql injection or other flaws.

Added 2005-05-10
by Virtual Forge
V-Force is an instrument with whose help attacks on web server or applications can be simulated and the results logged and analyzed.

Search Tools
Browse by category
Log Analysis, Host, Passwords, Network, File Integrity, PSTN, Forensics, Backdoors, Source Code
Passwords, Filesystem, Network, System, Compiler, Log Management, Usage Monitoring, Email
One Time Passwords, User Authentication, Password Management, Web, Server, Certificates, Tokens
Intrusion Detection
Network, Host, Web, Evasion
Access Control
Network, Firewall, user privileges, RPC, Bootup, File System, Applications, Mandatory Access Control, Server, X-Windows, ACLs, Privileges
Libraries, Applications
Libraries, Random Numbers, Traffic Encryption, Data Encryption, Cryptoanalysis, Steganography, E-mail
Network Monitoring
Policy Enforcement
Web Access, Email
System Security Management
Accounts, Console, Windows NT, Firewall, Configuration, Filesystem, Linux, Solaris, Monitoring
Network Utilities
Tunneling, Miscellaneous, Monitoring
Secure Deletion
Linux, FreeBSD, NT, Solaris
Hostile Code
Detection, Removal, Sandbox


Privacy Statement
Copyright 2010, SecurityFocus