Web Application Firewall (WAF) Testing Framework - Find Out If Your Application Security Controls Work

Imperva has developed a free evaluation toolkit that enables you to test your application security solution—your Web application firewall or network firewall or intrusion prevention system—and find out if it can stop advanced application attacks. The Web Application Firewall (WAF) Testing Framework conducts over 150 tests, including SQL injection, cross site scripting, and remote file inclusion. It leverages the same evasion techniques used by hackers to bypass simple signature-based solutions and it generates a report that reveals
overall security efficacy.

Measure False Positives
While you need to safeguard your applications, your ironclad defenses should not block legitimate users. You should evaluate whether your security solution can stop attacks without blocking valid traffic. The WAF Testing Framework determines the rate of false positives by inserting legitimate, but potentially suspicious, input into form fields and parameters. It produces clear, informative reports that summarize false positives and false negatives, allowing you to gauge the accuracy of your security solution.

The WAF Testing Framework allows you to:

• Quickly evaluate the effectiveness of your application security solution
• Recognize if your security controls might block legitimate users
• Examine stateful attacks like cookie tampering and Cross Site Request Forgery (CSRF)
• Produce clear, concise reports that illustrate overall security status
• Extend the baseline set of security assessments to include custom tests

Application Security Test Environment

The WAF Testing Framework provides everything you need to test your application security controls. It includes a Java-based executable for Windows and WebGoat, an intentionally insecure Web application developed by OWASP. Download the WAF Testing Framework today to evaluate your Web application firewall today.

Download now 91.1 MB

Software RequirementsOperating Systems:
Windows XP/Vista/7/
Server 2003/Server 2008,
Redhat Linux
Sun Java JRE 1.6+File Size:

Source-

http://www.imperva.com/products/wsc_web-application-firewall-testing-framework.html

Recon-ng - Web Reconnaisance framework written in Python

Recon-ng is a full-featured Web Reconnaisance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.

Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-based open source reconnaissance. If you want to exploit, use the Metasploit Framework. If you want to Social Engineer, us the Social Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng! See the Usage Guide for more information.

Recon-ng is a completely modular framework and makes it easy for even the newest of Python developers to contribute. Each module is a subclass of the "module" class. The "module" class is a customized "cmd" interpreter equipped with built-in functionality that provides simple interfaces to common tasks such as standardizing output, interacting with the database, making web requests, and managing API keys. Therefore, all the hard work has been done. Building modules is simple and takes little more than a few minutes. See the Development Guide for more information.

Repository site-

https://bitbucket.org/LaNMaSteR53/recon-ng

Source code-

https://bitbucket.org/LaNMaSteR53/recon-ng/src

Source-

http://pauldotcom.com/2013/01/the-recon-ng-framework---offic.html
http://seclists.org/pauldotcom/2013/q1/55