OWASP ASST is an open source tool that scans web applications.
Introduction
Web applications have become an integral part of our lives, but many of these applications are developed with critical vulnerabilities points which can be exploited by malicious users.
As the technology used to develop these applications evolves, so do hacker techniques.
Attackers no longer need physical access to their victims, as they can attack more than one target at a time and the chances of being caught by the authorities are very low.
Automated network vulnerability scanners are widely used to assess the security of web applications. The new automated vulnerability scanner called Automated Software Security Toolkit (ASST), scans the source code of a web project and generates a report of the results with a detailed explanation of each potential vulnerability and how to fix it.
We have tested the performance of ASST and compared its results with other major open source vulnerability scanners. Our results show that ASST can identify more and more accurate software security vulnerabilities.
What is ASST?
ASST is an Open Source, Source Scanning Tool, it is a CLI (Command Line Interface), developed with JavaScript (Node.js framework).
It currently focuses on PHP and MySQL programming languages, but since its core functionality is ready and available to everyone, developers can contribute and add plugins or extensions to add functionality and scan other programming languages such as Java, C#, Python , etc... Thus, its infrastructure is designed to accept contributions from other developers.
ASST teaches developers how to secure their projects
When ASST scans a project, it scans every line of code for security vulnerabilities. If a vulnerability is detected, it will list in the report on which line and in which file it was detected along with a "Click here" link to see explanations and how to fix it.
ASST results are displayed in HTML format linked to PDF files to explain each attack and how you can protect yourself.
Information on installing and using the program, you will find here.