Web Application Testing Tools

OWASP Zed Attack Proxy

Every web application penetration tester needs a vulnerability scanner. The OWASP Zed Attack Proxy will become your best friend. Easy to use and set up, this integrated penetration testing tool will find a wide range of vulnerabilities. From direct browsing to persistent cross-site scripting, this tool will find them all. The best part… it’s totally free.

Download: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

Fiddler Intercepting Proxy

This tool is the bread and butter for any web application penetration tester. Fiddler gives you the power to intercept HTTP/HTTPS traffic and allows you to display and modify requests and responses using a man-in-the-middle decryption technique. Privilege escalations, script injections, filter bypasses, and more all become easily executable with this intuitive and simple tool.

Download: http://www.telerik.com/fiddler

Burp Suite

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

Download: http://portswigger.net/burp/download.html