Sunday, 14 June 2015

Testing security



Security testing is a testing technique used to determine whether an information system protects data and maintains functionality as intended. It also aims to verify the six basic principles listed below:
· Confidentiality
· Integrity
· Authentication
· Authorization
· Availability
· Non-repudiation

Open Source/Free Security Testing Tools:

| Product | Vendor | URL |
|---|---|---|
| FxCop | Microsoft | https://www.owasp.org/index.php/FxCop |
| FindBugs | The University of Maryland | http://findbugs.sourceforge.net/ |
| FlawFinder | GPL | http://www.dwheeler.com/flawfinder/ |
| Ramp Ascend | GPL | http://www.deque.com |

Commercial Security Testing Tools:

| Product | Vendor | URL |
|---|---|---|
| Armorize CodeSecure | Armorize Technologies | http://www.armorize.com/index.php?link_id=codesecure |
| GrammaTech | GrammaTech | http://www.grammatech.com/ |
| Appscan | IBM | http://www-03.ibm.com/software/products/en/appscan-source |
| Veracode | VERACODE | http://www.veracode.com |