Open Source QA Automation Software

Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available (incl. cfuzzer, fuzzled, fuzzer.pl, jbrofuzz, webscarab, wapiti, Socket Fuzzer). It can detect XSS, Injections (SQL, LDAP, commands, code, XPATH) and other

Orizon is a framework intended to provide tools and facilities to test java sources for security flaws. The main goal is to detect common threats as described in Owasp top 10 vulnerability document.

BogoSec is a utility that calculates source code security quality metrics. A flexible framework interprets the results of existing scanners to compute these metrics. BogoSec is useful to track security quality across releases and competing packages.

The cibet framework provides developers with functionality of the following topics: - Dual Control (4-Eyes Principle ...) - Extended Authorisation (Enhance Spring Security, Apache Shiro ...) - Extended Logging (Archiving, tracking, Redo, Restore ...)

Automated Fuzztests for JUnit

A simple and incredibly powerful tool for scripting and fuzzing arbitrary network protocols written using the Chicken Scheme-to-C compiler.

IdMUnit is an xUnit automated testing framework for Identity Management solutions.

Publish your junit test report in pdf format. Plug and Play integration. Home page: http://junitpdfreport.sourceforge.net/

JAva Fault Injection and MONitoring tool

LeakTrack provides memory leak tracking and out-of-range access checks for acquired memory blocks for you C/C++ applications on each platform.

This project aims to develop a prototype system that explores how we should re-invision computer system design based on changes in how people get the software that they run, as well as advances in static analysis of software.

S.T.R.E.S.S.(Stress Testing and Reverse Engineering for System Security) is a framework for functional testing, conventional testing and security assessment about network software and firmware device.

THE STP CODE HAS MOVED TO GITHUB. THE CODE HERE IS STALE. PLEASE CHECKOUT THE FOLLOWING WEBSITE: http://stp.github.io/

This library has a package of useful methods to help the development of automated tests for Java applications.

This command-line utility produces a report of file information including version information where available. The reports can be useful for release information, manifests, and integrity verification.

ansvif, or A Not So Very Intelligent Fuzzer, suited to find bugs in code by throwing garbage arguments, files, and environment variables at the target program, that you may or may not have the source code to. It supports many features, such as buffer size, randomization of the buffer size, random data injection, templates, and much more. The purpose of this project is to identify bugs in software, specifically bugs that can induce a segmentation fault under various conditions. This aids security researchers in writing buffer overflows, input validation vulnerabilities, as well as helping one audit code for general logic mistakes.

bddshell is a command line program for deductive database-based analysis. Its primary focus is software vulnerability detection. It acts as a front-end to a number of other programs, such as bddbddb and joeq.

Dranzer: ActiveX vulnerability discovery tool. CERT developed this open source tool so that software developers can test ActiveX controls for vulnerabilities before the software is released to the public.

libcmle is a collection of templates and functions that help one to develop more secure and more stable C++ software. It currently is in pre-alpha stadium.

An extension and enhancement to the original SPIKE. SPIKIER is ment to be a continuous project of improvements to the block based fuzzer SPIKE.

Ease the pain of operating a Windows Vista system with User Account Control (UAC) enabled--similar to the sudo command available for *nix systems.