OWASP Developer Guide

6.2 Verification tools

Verification is one of the business functions described by the OWASP SAMM.

The SAMM Security Testing activity describes the use of both automated security testing and manual expert security testing to discover security defects. This security testing should be automated as part of the development, build and deployment processes, and can be complemented with regular manual security penetration tests.

Automated security testing tools are fast and scale well to numerous applications, whereas manual security testing of high-risk components requires good knowledge of the application and its business logic.


6.2.1 Zed Attack Proxy
6.2.2 Amass
6.2.3 Offensive Web Testing Framework
6.2.4 Nettacker
6.2.5 OWASP Secure Headers Project

The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.