OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in Web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
Log4php is a PHP port of Log4j, the most popular Java logging framework. It supports configuration through XML and properties files (with the same structure as log4j) and custom Configurators. File, RollingFile, DailyFile, Echo, Console, Mail, PEAR::Db, PHP error, Syslog or NT events, and socket appenders are supported. Simple, TTCC, Pattern, Html, and Xml Layouts are supported. It also supports Filters, custom Levels, and Loggers. Internal debugging can be switched on and off. Log4php can be used inside a class or inside a main/sub function.
Citrus is a test framework written in Java that enables automated integration testing of message-based enterprise SOA applications. The tool can easily simulate surrounding systems across various transports and protocols (e.g. JMS, SOAP WebServices, HTTP, TCP/IP, etc.) in order to perform end-to-end use case testing. Citrus provides strong validation mechanisms for XML message contents and allows you to build complex testing logic such as sending and receiving messages, database validation, automatic retries, variable definitions, dynamic message contents, error simulation, and many more.
Bunny the Fuzzer is a closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. It uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data.
tmin is a quick and simple tool to minimize the size and syntax of complex test cases in automated security testing. It is meant specifically for dealing with unknown or complex data formats (without the need to tokenize and re-serialize testcases), and for easy integration with UI testing harnesses.