commercial tools, but it's still a good resource. I hope I've encouraged you to start using some new security testing tools even if you don't have the budget for commercial tools right now. I'd also like to encourage you to take advantage of the many Web sites that offer free security training as well. After all, if you're unfamiliar with the underlying principles of the vulnerabilities for which you're testing, it'll be much more difficult for you to effectively use even the most user-friendly security tool.
If I've missed your favorite free tool on this list, tell me about it. Post a note on the Discussion Board and we'll continue the conversation there. Alternatively, I'll have to start a new quarterly column on StickyMinds called "The Frugal Pentester."
Pages
About the author
Bryan Sullivan is a security program manager on the Security Development Lifecycle (SDL) team at Microsoft. He is a frequent speaker at industry events, including Black Hat, BlueHat, and RSA Conference. Bryan is also a published author on Web application security topics. His first book, Ajax Security was published by Addison-Wesley in 2007.
