Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Overview

...


Tool NameDescription
Static analysisCoverityThis tool finds defects and security vulnerabilities in custom source code written in C, C++, Java, C#, JavaScript and more

Veracode Veracode provides multiple security analysis technologies on a single platform, including static analysisdynamic analysis, mobile application behavioral analysis and software composition analysis.

Helix QACHelix QAC is QAC is the most accurate static code analyzer for C and C++.

CodeSonarCodeSonar performs a unified dataflow and symbolic execution analysis that examines the computation of the entire program.
Dynamic analysisangrangr is a platform-agnostic binary analysis framework. It performs
  • Disassembly and intermediate-representation lifting
  • Program instrumentation
  • Symbolic execution
  • Control-flow analysis
  • Data-dependency analysis
  • Value-set analysis (VSA)
  • Decompilation

KLEEKLEE is KLEE is a symbolic virtual machine built on top of the LLVM compiler infrastructure, and available under the UIUC open source license.

Valgrind Valgrind tool  Valgrind tool suite provides a number of debugging and profiling tools.

LLVM/Clang Sanitizers

It is a fast memory error detector. It consists of a compiler instrumentation module and a run-time library. The tool can detect the following types of bugs:


FlowDroid (Java)FlowDroid is FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool, it could be leveraged to scan Java Bytecode.
Pen testMetasploitThe Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.

AutosploitAutoSploit attempts to automate the exploitation of remote hosts.

ArmitageArmitage is a graphical cyber attack management tool for the Metasploit.

cisco-global-exploiterCisco Global Exploiter Exploiter (CGE), is an advanced, simple and fast security testing tool .

OWASP Zed Attack Proxy (ZAP)OWASP ZAP is an open-source web application security scanner. 
Fuzzing testOSS-FuzzOSS-Fuzz conducts continuous fuzzing of open source softwares.

AFLAmerican fuzzy lop is a fuzzer that employs genetic algorithms in order to efficiently increase code coverage of the test cases.
Vulnerability analysisCybellumCybellum VCybellum V-Ray ™. Gives full component visibility and risk assessment, based on automated vulnerability detection.

VeracodeIt secures the applications you build, buy, & manage

OpenVASThe OpenVAS scanner The OpenVAS scanner is a comprehensive vulnerability assessment system that can detect security issues in all manner of servers and network devices.

WiresharkWireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.

Nessus ProfessionalNessus helps Nessus helps the security pros on the front lines quickly and easily identify and fix vulnerabilities - including software flaws, missing patches, malware, and misconfigurations.

John the RipperJohn the Ripper is a free password cracking software tool.
Stress TestSlowHTTPTestIt is a Application Layer DoS attack simulator.

OVS+TcpReplayIt is a high throughput packet generator.

...