OWASP ASST is an open code tool, which scans web applications.
Introduction
Web applications have become an integral part of our lives, but many of these applications are developed with critical vulnerabilities that can be exploited by malicious users.
As the technology used to develop these applications evolves, so do hacker techniques.
Attackers no longer need physical access to their victims, as they can attack more than one target at a time and the chances of being caught by the authorities are very low.
Automated network vulnerability scanners are widely used to evaluate the security of web applications. A new automated vulnerability scanner called the Automated Software Security Toolkit (ASST) scans the source code of an online project and generates a report of the results with a detailed explanation of any potential vulnerabilities and how to fix them.
We have tested ASST's performance and compared its results to other major open source vulnerability scanners. Our results show that ASST can detect more and more accurate web security vulnerabilities software.
What is ASST?
ASST is an Open Source, Source Scanning Tool, it is a CLI application (Command Line Interface), developed with JavaScript (Node.js framework).
It currently focuses on PHP and MySQL programming languages, but since its core functionality is ready and available to everyone, developers can contribute and add plugins or extensions to add functionality and scan other programming languages such as Java, C#, Python , etc... Thus, its infrastructure is designed to accept contributions from other developers.
ASST teaches developers how to secure their projects
When ASST scans a project, it scans every line of code for security vulnerabilities. If a vulnerability is detected, it will list in the report on which line and in which file it was detected along with a "Click here" link to see explanations and how to fix it.
ASST results are displayed in HTML format that links to PDF files to explain each attack and how you can protect yourself.
Information on installing and using the program, you will find here.