You may be aware of AppScan, the Acunetix web scanner and a lot of other commercial tools that help you perform security testing (to be precise, I would say security checks). As a start-up or an individual, it is hard to purchase a license for such commercial tools. Since my childhood, I have always relied on freeware and open-source tools to aid my security testing activity. While commercial tools add a different value, it is always about the context. However, if you just run the commercial tool and the report says there are no vulnerabilities, I would personally say “Something fishy” unless I test it using my ideas. So, you see, it is about combining the mind-set and skill-set.
There are many open-source tools that you will get on the web. They may be in a crude shape and not easy to use. However, you have to dig deeper and find out their usage, and then you will see the pleasure of using them for your security testing. And the best part about open-source is that you can customize them to suit your needs.

Do I need to learn programming to make better use of them?
This answer is based on the context and your interests. In my experience, anything that doesn’t interest you may not help you perform better. If the tool already serves your purpose, you do not need to learn programming. However, if you want to customize it, either you need to know a programming language or someone in your team can help. You may seek help from the developers in your team as well.
For web security, you may want to learn Python scripting.

Helping the community
If you can add features to an existing open-source tool, you can give back to the open-source community by releasing them under an open-source license while retaining the credits for the people who worked on it earlier.

Toolkit
Here are some of the sources where you can find open-source tools to try for your security testing activity.

http://www.opensourcetesting.org/security.php
http://packetstormsecurity.com/files/tags/tool/
https://www.owasp.org/index.php/Appendix_A:_Testing_Tools

In my personal opinion, open-source tools / utilities could be made much better and used by start-ups and companies that do not have much funds. However, even those who have funds could still use open-source tools because they have enough power; you just have to know how to use the gears and benefit from them in your security testing / penetration testing activity.
Before I end, I want to say this: “It is about both mind-set and skill-set to do great. So, both need to exist in you in order to perform better at security testing.”

 

Santhosh Tuppad is the Cofounder & Software Tester of Moolya Software Testing Private Limited (www.moolya.com). He also won the uTest Top Tester of the Year 2010 apart from winning several testing competitions from uTest and Zappers. Santhosh specializes in exploratory testing approach and his core interests are security, usability and accessibility amidst other quality criteria. Santhosh loves writing and he has a blog http://tuppad.com/blog. He has also authored several articles and crash courses in the past. He attends conferences and confers with testers he meets. Santhosh is known for his skills in testing and you should get in touch with him if you are passionate about testing.