OWASP ASST is an open source tool that scans web applications.
Web applications have become an integral part of our lives, but many of these applications are developed with critical vulnerabilities that can be exploited by malicious users.
As the technology used to develop these applications evolves, so do hacker techniques.
Attackers no longer need physical access to their victims, as they can attack more than one target at a time and the chances of being caught by the authorities are very low.
Automated network vulnerability scanners are widely used to evaluate the security of web applications. A new automated vulnerability scanner called the Automated Software Security Toolkit (ASST) scans the source code of an online project and generates a report of the results with a detailed explanation of any potential vulnerabilities and how to fix them.
We have tested the performance of ASST and compared its results with other major open source vulnerability scanners. Our results show that ASST can identify more and more accurate software security vulnerabilities.
What is ASST?
It currently focuses on PHP and MySQL programming languages, but since its basic functions are ready and available to everyone, developers can contribute and add add-ons or extensions to add functions and scan in other programming languages such as Java, C #, Python, etc.… Thus, its infrastructure is designed to accept contributions from other developers.
ASST teaches developers how to secure their projects
When ASST scans a project, it scans every line of code for security vulnerabilities. If a vulnerability is detected, it will list in the report on which line and in which file it was detected along with a "Click here" link to see explanations and how to fix it.
ASST results are displayed in HTML format that links to PDF files to explain each attack and how you can protect yourself.
Information on installing and using the program, you will find here.