WS-Attacker is a modular framework for web services penetration testing. It is a free and easy to use software solution, which provides an all-in-one security checking interface with only a few clicks.

Download: http://sourceforge.net

User Guide: http://mesh.dl.sourceforge.net

via : http://security-sh3ll.blogspot.com/2011/02/ws-attacker-v10.html

BeEF, the Browser Exploitation Framework is a professional security tool provided for lawful research and testing purposes. It allows the experienced penetration tester or system administrator additional attack vectors when assessing the posture of a target. The user of BeEF will control which browser will launch which command module and at which target.

BeEF hooks one or more web browsers as beachheads for the launching of directed command modules in real-time. Each browser is likely to be within a different security context. This provides additional vectors that can be exploited by security professionals

@beefproject – now with keylogger!

Download : http://code.google.com

Source : http://security-sh3ll.blogspot.com/2011/01/beef-v0421-released.html

The Secure Web Application Framework Manifesto is a document detailing a specific set of security requirements for developers of web application frameworks to adhere to. The manifesto centers around the following beliefs:

-Frameworks that are „secure by default‟ will yield a dramatic reduction in the number of common web application security vulnerabilities.
-Application security experts should provide, on a regularly basis, updated guidance to framework developers on how to incorporate mechanisms to avoid newly discovered vulnerabilities

Download PDF

Source : security-sh3ll