A tool for each of the OWASP Top 10, to aid in discovering and remediating each of the Top Ten vulnerabilities. If you have spent any time defending web applications as a security analyst, or as a developer trying to follow secure SDLC practices, you have likely used or referenced the OWASP Top 10. Intended first as an awareness mechanism, the Top 10 covers the most critical web application security flaws, as agreed by consensus among a global group of application security experts. The OWASP Top 10 promotes managing risk through an application risk management program, in addition to awareness training, application testing, and remediation. Yet to manage that risk as an application security practitioner or developer, an appropriate tool kit is necessary. The article discusses a long list of tools, with a tutorial for most of them. Below is the risk and tool matrix; note that the risk names follow the 2010 edition of the Top 10, so they will not line up one-for-one with later editions.

RISK                                                      TOOL
A1: Injection ........................................... SQL Inject Me
A2: Cross-Site Scripting (XSS) .......................... ZAP
A3: Broken Authentication and Session Management ........ HackBar
A4: Insecure Direct Object References ................... Burp
A5: Cross-Site Request Forgery (CSRF) ................... Tamper Data
A6: Security Misconfiguration ........................... Watobo
A7: Insecure Cryptographic Storage ...................... N/A
A8: Failure to Restrict URL Access ...................... Nikto/Wikto
A9: Insufficient Transport Layer Protection ............. Calomel
A10: Unvalidated Redirects and Forwards ................. Watcher