OWASP Tiger V1.0 for testing ASP.NET security issues

OWASP Tiger is a Windows application originally intended to automate the process of testing various known ASP.NET security issues in hosted environments. However, it is much more versatile than that: it can help you construct and send HTTP requests, receive and analyze the responses, and match them against a set of conditions to produce alerts and notifications that something is wrong with the application(s) or service(s) being tested.

OWASP Tiger’s goals are quite simple:

  • Provide a simple way to create HTTP or HTTPS requests. You can define these using a very simple-to-use GUI.
  • Provide a simple but flexible way of analyzing the responses automatically. You can define sets of rules that are to be applied to responses using a user-friendly condition editor.
  • Allow for easy sharing and reuse of tests. You can save your test projects, send them to other Tiger users and even create templates that new Tiger projects can be based upon.
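The request/response/condition workflow described above can be illustrated with a small rule evaluator. This is an added example, not OWASP Tiger's code or project format: the `Response` and `Rule` types, the rule set, and the two sample responses are all constructed for illustration, and the rules cover only a few well-known ASP.NET information-disclosure signs.

```python
import re
from dataclasses import dataclass
from typing import Callable

@dataclass
class Response:
    """Minimal stand-in for a captured HTTP response (hypothetical type)."""
    status: int
    headers: dict
    body: str

@dataclass
class Rule:
    """A named condition; an alert is raised when check() returns True."""
    name: str
    check: Callable[[Response], bool]

def header_present(name):
    # HTTP header names are case-insensitive, so compare in lower case.
    return lambda r: name.lower() in {k.lower() for k in r.headers}

def body_matches(pattern):
    rx = re.compile(pattern, re.I)
    return lambda r: rx.search(r.body) is not None

# Hypothetical rule set: signs that an ASP.NET site leaks internals.
RULES = [
    Rule("X-AspNet-Version header discloses the framework version",
         header_present("X-AspNet-Version")),
    Rule("Default ASP.NET error page returned instead of a custom one",
         lambda r: r.status == 500
         and body_matches(r"Server Error in '.*' Application")(r)),
    Rule("Stack trace present in response body",
         body_matches(r"\bat System\.\w+")),
]

def evaluate(response, rules=RULES):
    """Return the names of all rules whose condition matches the response."""
    return [rule.name for rule in rules if rule.check(response)]

# Constructed sample responses (not captured from any real server).
LEAKY = Response(500, {"X-AspNet-Version": "4.0.30319"},
                 "<h1>Server Error in '/' Application.</h1>"
                 " at System.Web.UI.Page.ProcessRequest()")
HARDENED = Response(500, {"Content-Type": "text/html"},
                    "<h1>Something went wrong.</h1>")

if __name__ == "__main__":
    for label, resp in (("leaky", LEAKY), ("hardened", HARDENED)):
        print(label, evaluate(resp))
```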

OWASP Tiger has been added to the SD Security Tools Tracking Process.

Post scriptum

Compliance Mandates

  • Application Scanner:

    PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Code Auditing:

    PCI/DSS 6.3.6, 6.3.7, 6.6, SOX A12.8, GLBA 16 CFR Part 314.4(b) and (2), FISMA RA-5, SC-18, SA-11, SI-2, and ISO 27001/27002 (12.4.1, 12.4.3, 12.5)

