Open Source Application Vulnerability Assessment Tools

["Brokken, Allen P." <BrokkenA () missouri edu>]

On this list we talk a lot about various vendor provided tools quite a
bit.  In general it appears most solutions are Windows-centric in their
installation even if they work against multiple platforms.  

With the prevalence of LAMP systems I would figure there must be some
means of doing a security assessment on their applications with native
tools.  It seems odd to me that there isn't a NESSUS equivalent for
application testing.  I'm wondering what is available from the Open
Source community in the way of

* Black Box web assessment software
* Source code assessment software
* Assessment management software

I'm more looking for names/urls to projects than I am for any
comparisons or descriptions.

Allen Brokken

Information Security and Account Management - IAT Services - University
of Missouri -brokkena () missouri edu - (573)884-8708


-------------------------------------------------------------------------
Sponsored by: Watchfire

It's been reported that 75% of websites are vulnerable to attack. That's
because hackers know to exploit weaknesses in web applications.
Traditional approaches to securing these assets no longer apply. Download
the "Addressing Challenges in Application Security" whitepaper today, and
see for yourself.

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmw
--------------------------------------------------------------------------