OWASP ASST is an open source tool that scans web applications.
Introduction
Web applications have become an integral part of our lives, but many of them are developed with critical vulnerabilities that can be exploited by malicious users.
As the technology used to develop these applications evolves, so do attacker techniques.
Attackers no longer need physical access to their victims: they can attack many targets at once, and the chance of being caught by the authorities is low.
Automated network vulnerability scanners are widely used to assess the security of web applications. The new automated vulnerability scanner called Automated Software Security Toolkit (ASST) scans the source code of a web project and generates a report of the results with a detailed explanation of each potential vulnerability and how to fix it.
We have tested the performance of ASST and compared its results with other major open source vulnerability scanners. Our results show that ASST identifies more software security vulnerabilities, and identifies them more accurately.
What is ASST?
ASST is an open source source-code scanning tool. It is a CLI (command line interface) application developed in JavaScript on Node.js.
It currently focuses on PHP and MySQL, but since its basic functions are ready and available to everyone, developers can contribute add-ons or extensions that add functions and scan other programming languages such as Java, C#, Python, etc. Its infrastructure is designed to accept contributions from other developers.
ASST teaches developers how to secure their projects
When ASST scans a project, it checks each line of code for security vulnerabilities. If a vulnerability is found, the report lists the file and line where it was found, along with a “Click here” link to an explanation and a fix.
ASST results are displayed in HTML format, with links to PDF files that explain each attack and how to protect against it.
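To make that report shape concrete, here is a small Node.js scanner in the same spirit. It is an added illustration, not ASST's own code: it walks a constructed PHP file line by line, flags two classic PHP/MySQL defects (SQL built from request input, and request input echoed into HTML unescaped), and returns the file, line, offending statement and fix hint for each finding. The rule names, patterns and sample file are assumptions, not taken from the tool.

```javascript
// Added illustration (not ASST's own code): a line-oriented scanner
// that flags two classic PHP/MySQL defects and reports file, line,
// the offending statement and a remediation hint for each finding.
const REQUEST_INPUT = String.raw`\$_(GET|POST|REQUEST|COOKIE)\b`;

const RULES = [
  {
    id: "sql-query-built-from-request-input",
    // a query call whose argument list contains a request superglobal
    pattern: new RegExp(String.raw`(mysqli_query|mysql_query|->query)\s*\(.*` + REQUEST_INPUT),
    hint: "Use a prepared statement with bound parameters; never build SQL from request input.",
  },
  {
    id: "request-input-echoed-unescaped",
    // echo of a request superglobal with no htmlspecialchars() on the line
    pattern: new RegExp(String.raw`\becho\b(?!.*htmlspecialchars).*` + REQUEST_INPUT),
    hint: "Escape output with htmlspecialchars() before writing request data into HTML.",
  },
];

// Scan one file's source text; returns one finding per (line, rule) hit.
function scanSource(fileName, source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, index) => {
    for (const rule of RULES) {
      if (rule.pattern.test(text)) {
        findings.push({ file: fileName, line: index + 1, rule: rule.id, code: text.trim(), hint: rule.hint });
      }
    }
  });
  return findings;
}

// Render findings in the "file:line, what, how to fix" shape of a scanner report.
function report(findings) {
  return findings.map((f) => `${f.file}:${f.line} [${f.rule}] ${f.code}\n  fix: ${f.hint}`).join("\n");
}

// Constructed sample input: a short PHP file with two risky lines and two safe ones.
const SAMPLE_PHP = [
  "<?php",
  "$db = new mysqli('localhost', 'app', 'secret', 'shop');",
  "$rows = $db->query(\"SELECT * FROM items WHERE id = \" . $_GET['id']);",
  "$stmt = $db->prepare('SELECT * FROM items WHERE id = ?');",
  "echo 'Hello ' . htmlspecialchars($_GET['name']);",
  "echo 'Search: ' . $_POST['q'];",
].join("\n");

console.log(report(scanSource("constructed/search.php", SAMPLE_PHP)));
```

A real scanner needs parsing rather than per-line regexes (multi-line statements and sanitisation on an earlier line defeat this one), which is why a tool like ASST pairs each finding with an explanation a developer can check by hand.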
Information about installing and using the tool can be found here.