Share on social networks!

Some tools for cybersecurity testing

To ensure that data within any information system remains secure and is not accessible by unapproved users, we perform security testing. 

Security testing helps protect systems and applications from threats; They detect glitches, errors and other inefficiencies, and prevent these applications from crashing or stopping working as expected.

The main objectives of security testing implementation are:

  • Help improve product safety and lifespan.
  • Identify and fix various security issues in the early stage of development.
  • Rate the stability in the current state.

But it would be a mistake if we do these tests only in the production phase, since they help discover loopholes and failures in an application from the development stage. To begin with, it is very important to determine if the code has been written correctly. To do this, we will use different tools that allow us to evaluate it and, in turn, provide feedback on its status. For example:


Code Quality and Code Security | SonarQube

It is an open source security testing tool. It allows you to perform a static analysis of the code, a function that is very useful to verify its quality. 

In addition, it is one of those that we study in our Master in Cybersecurity Management, Ethical Hacking and Offensive Security, specifically in the subject “Security in software development”.

This tool is capable of exposing existing vulnerabilities in coding, which can lead to future security incidents. 

One of its advantages is that it supports more than 20 programming languages. Each of them has a series of rules that allow detecting general or specific problems of a particular language. It easily integrates with tools like Jenkins, for example, classifies issues based on risk level, among others.


Wapiti – free web-application vulnerability scanner | by Pentestit | Medium

If our intention is to know the existing vulnerabilities in an application or web page, we can use tools like Wapiti.

Free open source. Find possible vulnerabilities from black box security. This tool only scans the web page, not its source code. It is considered very useful in the initial phases of penetration testing and is also easy to use.

Wapati is capable of detecting the following vulnerabilities

  • Database Injection (PHP/ASP/JSP SQL Injections and XPath Injections)
  • Cross Site Scripting (XSS) 
  • File disclosure detection 
  • Command Execution detection
  • XXE (Xml eXternal Entity) injection
  • CRLF Injection

How is it installed? 

If we are working on our Kali machine or any Debian or Ubuntu based system, we can use the following command line: 

sudo apt install wapiti


Exploiting SQL Injection Vulnerability with sqlmap - Byte Mind

Tool that will help us test/automate the process of detecting and exploiting SQL injections.

Supports a wide variety of database engines such as MySQL, Oracle, PostgreSQL, Microsoft SQL Server, SQLite, etc., which allows testing many specific characteristics of each of them and to check their security.

Once the tool detects vulnerabilities and code injections that can be performed, the user can choose from a variety of options to perform the penetration test; recover user and database, list users, password hashes, privileges, databases, dump entire or user-specific tables/columns, and more.

Do you want to know what other tools we can use to audit and test our code or application?

Take our cybersecurity master's degree and you will become a real crack!

Subscribe to our newsletter to stay up to date with all the news

EIP International Business School informs you that the data in this form will be processed by Mainjobs Internacional Educativa y Tecnológica, SA as the person responsible for this website. The purpose of collecting and processing personal data is to respond to the query made as well as to send information about the services of the data controller. Legitimation is the consent of the interested party.
You can exercise your rights of access, rectification, limitation and deletion of data in compliance@grupomainjobs.com as well as the right to file a claim with the supervisory authority. You can consult additional and detailed information on Data Protection in the Privacy Policy that you will find in our Web page
Master Cybersecurity Professional Master

Leave a comment