We were doing some work with a partner recently, and they asked what our favorite attack tools were that we use to validate and demonstrate our security features in the NetScaler. That was an excellent question. It has been a couple of years since I actually built a proof of concept to demonstrate Application Layer attacks so I took a poll. I am sure there are more, but here is the list of popular attack tools used to demonstrate Application Firewall functionality. The only reason for divulging this list is for potential and existing customers of the Citrix Application Firewall… If you don’t know what could hit you, you could be vulnerable. Of course, our favorite is Badstore – authored by some folks at Citrix.
In order of popularity:
- Badstore (documentation)
- Google Gruyere
- Samurai Web Testing Framework
- Hacme Casino
Naturally, the best way to stop the attacks is by using the Citrix NetScaler, Application Firewall feature set.
What attack tools do you use to demonstrate application security features?
See what you are missing by visiting these organizations dedicated to your application health: