Security testing is a testing technique used to determine whether an information system protects data and maintains functionality as intended. It also aims to verify the 6 basic principles listed below:
· Confidentiality
· Integrity
· Authentication
· Authorization
· Availability
· Non-repudiation
Open Source/Free Security Testing Tools:

| Product | Vendor | URL |
|---|---|---|
| FxCop | Microsoft | https://www.owasp.org/index.php/FxCop |
| FindBugs | The University of Maryland | http://findbugs.sourceforge.net/ |
| FlawFinder | GPL | http://www.dwheeler.com/flawfinder/ |
| Ramp Ascend | GPL | http://www.deque.com |

Commercial Security Testing Tools:

| Product | Vendor | URL |
|---|---|---|
| Armorize CodeSecure | Armorize Technologies | http://www.armorize.com/index.php?link_id=codesecure |
| GrammaTech | GrammaTech | http://www.grammatech.com/ |
| Appscan | IBM | http://www-03.ibm.com/software/products/en/appscan-source |
| Veracode | VERACODE | http://www.veracode.com |