Tips & Tricks
Types Of Apps
Websecurify Suite (secapps.com) is a diverse web security toolkit. To make sense of all of its apps, we divide them into different categories. On this page we explore some of these categories and what they mean in practice.
The Automated Scanners
A scanner is a fully automated web security testing tool. Scanners generally require very little configuration and interaction; in most cases you only need to enter the target. The best examples of tools in this category are Scanner, Recon and Foundation.
The Mighty Fuzzers
A fuzzer is an automated tool that feeds invalid or otherwise unexpected input to the target in order to discover vulnerabilities. The process is automated, but you will have to configure the fuzzer with the correct payloads and, in most cases, manually analyze the results for unexpected behavior. The best examples of tools in this category are Xmlfuzz, JSONFuzz and Formfuzz.
General Purpose Tools
This is a generic category and mostly contains applications that do not fall under the scanner and fuzzer categories. These tools have diverse uses and are more general purpose than the others. In this category you will find tools such as HTTPView, Resend and Retest.
Utils are tiny apps that are good for one particular thing only. RForge is an example: it is useful only for generating HTML pages that exploit CSRF vulnerabilities. This app is so small that we have classified it as a util rather than a tool.
Last but not least, we have the Exploits category, which contains various apps for exploiting many of the high-profile bugs we have worked on in the past. The Exploits category is not fully advertised due to the sensitive nature of these tools. However, we can enable our exploitation tools on demand when specifically requested.