Here’s a list of great security tools, many of them open source, that came out of the April 11th Vogon Poetry Security Open Forum. H/T to Jason Wilkinson of Firespring for helping me compile this list.
Qualys Labs SSL Server Test – This tests that your servers are configured correctly to support appropriate levels of encryption. It not only detects possible vulnerabilities, it also links to appropriate documentation and blog posts to mitigate those risks.
Sophos Security Headers Test – This tests that your site uses the headers it should and looks for ones you should be removing.
OpenVAS – OpenVAS is an open-source framework of several services and tools offering comprehensive scanning and vulnerability management.
Nessus – A good, more user-friendly alternative to OpenVAS but a lot less free.
Vega – Subgraph’s free and open-source web security scanner and web security testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities.