10 Best Security Tools and Applications for Developers
Every month we bring new and recently released applications and tools to our audience. Today, we have collected 10 useful security tools and applications for developers that will help you simplify your website and development-related tasks and keep your website a step ahead of the competition. We hope you will find a few of the security tools and applications below beneficial to your development needs.
1. Skipfish : Fully Automated Web Application Security Scanner
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes.
The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
jCryption in its current state is no replacement for SSL, because there is no authentication, but the main goal of jCryption is to be a plugin that is very easy and fast to install and offers a base level of security.
3. PHPSecInfo : Security Information about PHP Environment
PHP Security Consortium (PHPSC) is an international group of PHP experts dedicated to promoting secure programming practices within the PHP community. Members of the PHPSC seek to educate PHP developers about security through a variety of resources, including documentation, tools, and standards. You can read the PHP Security Guide they have published. PHPSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.
4. Suhosin : Advanced Protection System for PHP
Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts that can be used separately or in combination. The first part is a small patch against the PHP core that implements a few low-level protections against buffer overflows or format string vulnerabilities, and the second part is a powerful PHP extension that implements all the other protections.
5. reCaptcha : Prevent Spam and Help Digitize Books
A CAPTCHA is a program that can tell whether its user is a human or a computer. You’ve probably seen them — colorful images with distorted text at the bottom of Web registration forms. CAPTCHAs are used by many websites to prevent abuse from “bots,” or automated programs usually written to generate spam.
reCAPTCHA improves the process of digitizing books by sending words that cannot be read by computers to the Web in the form of CAPTCHAs for humans to decipher. More specifically, each word that cannot be read correctly by OCR is placed on an image and used as a CAPTCHA.
6. aSSL : Open Source Ajax Secure Service Layer
7. NetSparker Community Edition
This is the free community edition of the powerful Netsparker, which still comes with a bunch of features and is also false-positive-free. The application can detect SQL injection and cross-site scripting issues. Once a scan is complete, it displays the solutions beside the issues and enables you to see the browser view and HTTP request/response.
Websecurify is a very easy-to-use, open-source tool which automatically identifies web application vulnerabilities by using advanced discovery and fuzzing technologies. It can create simple reports (that can be exported into multiple formats) once run. The tool is also multilingual and extensible with add-on support.
PHPSecInfo is a PHP environment security auditing tool which can be useful as part of a multilayered security approach. The script runs a series of tests to identify potential security issues and offer suggestions. It can be reached easily by calling the “index.php” files after uploading the project folder. PHP Security Consortium also has a PHP security guide which you may want to check out.
10. HTML Purifier
Secure input and data handling is hard when it comes to HTML because of the many different types of malicious code (XSS). HTML Purifier is a well-documented, standards-compliant HTML filter library written in PHP. It simply:
• Removes all malicious code (better known as XSS) with an audited, secure yet permissive whitelist.
• Makes sure your documents are standards compliant.
HTML Purifier requires PHP 5 (PHP 4 versions are no longer supported but can still be downloaded). It saves a lot of time during development and offers much more expertise than most self-coded data-handling libraries, as HTML Purifier concentrates only on this area.