OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in Web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
StoryText (formerly PyUseCase) is an unconventional GUI testing tool written in Python. It currently has mature support for PyGTK, beta status support for Java Swing, SWT/Eclipse RCP, and Tkinter, and very basic support for wxPython. Instead of recording GUI mechanics directly, it asks the user for descriptive names and hence builds up a "domain language" along with a "UI map file" that translates it into the current GUI layout. Instead of an "assertion" mechanism, it auto-generates a log of the GUI appearance and changes to it, so as to use that as a baseline for text-based testing, using e.g. TextTest. Instead of requiring the tester to add "wait" statements by hand, it includes support for instrumenting code so that "waits" can be recorded.
Bugzero is a Web-based change management and issue tracking system used in a distributed team environment to track software bugs, hardware defects, test cases, or any other issues. It can also be used equally well as a helpdesk customer support, trouble ticketing, or email management system to collect and manage customer feedback, incidents, requests, and issues. It is easy to use, but still flexible and adaptive, and can be configured to fit your organization's unique business process and workflow.
Citrus is a test framework written in Java that enables automated integration testing of message-based enterprise SOA applications. The tool can easily simulate surrounding systems across various transports and protocols (e.g. JMS, SOAP WebServices, HTTP, TCP/IP, etc.) in order to perform end-to-end use case testing. Citrus provides strong validation mechanisms for XML message contents and allows you to build complex testing logic such as sending and receiving messages, database validation, automatic retries, variable definitions, dynamic message contents, error simulation, and many more.
Linux Test Project is a joint project started by SGI, OSDL, and Bull, and developed and maintained by IBM, Cisco, Fujitsu, SUSE, Red Hat, Oracle, and others. The project goal is to deliver tests that validate the reliability, robustness, and stability of Linux. Currently it contains more than 1000 syscall test cases, I/O and AIO stress test cases, a few Linux kernel device drivers, a well-maintained fork of the Open POSIX Testsuite, a real-time test suite, and more.
YourKit Java Profiler is a CPU and memory profiler that makes it easy to solve a wide range of CPU- and memory-related performance problems. It features automatic leak detection, powerful tools for the analysis of memory distribution, an object heap browser, comprehensive memory tests as part of your JUnit testing process, extremely low profiling overhead, transparent deobfuscation support, and integration with Eclipse, JBuilder, IntelliJ IDEA, NetBeans, and JDeveloper IDEs.
Tsung is a distributed load testing tool. It is protocol-independent and can currently be used to stress HTTP, WebDAV, PostgreSQL, MySQL, LDAP, AMQP, and XMPP/Jabber servers. It simulates user behavior using an XML description file, reports many measurements in real time (statistics can be customized with transactions, and graphics generated using gnuplot). For HTTP, it supports 1.0 and 1.1, has a proxy mode to record sessions, supports GET, POST, PUT, and DELETE methods, cookies, and basic/digest authentication. It also has support for SSL, WebSocket, and BOSH.
CaptureMock provides capture-replay mocking for Python, on the command line and with client-server communication. CaptureMock's approach is a so-called capture-replay approach. This means that when you 'record' your mock, CaptureMock will observe the interaction between your code and the subsystem you are mocking out, and record it in a text file in its own format. When you then run your test in 'replay mode', CaptureMock can play the role of the subsystem in question, and the real subsystem does not need to even be installed. You can then choose, each time you run your tests, whether you wish to have the real subsystems present and verify/recreate the captured mocks, or to rely on the mocks captured by a previous run. If you are running in 'replay mode' and CaptureMock does not receive the same calls as previously, it will fail the test, and suggest that you may want to recreate the mocks in record mode.
Tcl provides a portable scripting environment for Unix, Windows, and Macintosh that supports string processing and pattern matching, native file system access, shell-like control over other programs, TCP/IP networking, timers, and event-driven I/O. Tcl has traditional programming constructs like variables, loops, procedures, namespaces, error handling, script packages, and dynamic loading of DLLs. Tk provides portable GUIs on UNIX, Windows, and Macintosh. A powerful widget set and the concise scripting interface to Tk make it a breeze to develop sophisticated user interfaces.