The open vulnerability assessment system (openvas) is a free network security scanner platform, with most components licensed under the gnu general public license (gnu gpl). the main component is. A large number of both commercial and open source tools of this type are available and all of these tools have their own strengths and weaknesses. if you are interested in the effectiveness of dast tools, check out the owasp benchmark project, which is scientifically measuring the effectiveness of all types of vulnerability detection tools. Nessus is one of the most popular and capable vulnerability scanners, particularly for unix systems. it was initially free and open source, but they closed the source code in 2005 and removed the free "registered feed" version in 2008. it now costs $2,190 per year, which still beats many of its competitors..
Vega is another free open source web vulnerability scanner and testing platform. with this tool, you can perform security testing of a web application. this tool is written in java and offers a gui based environment.. Continuously monitor oss security vulnerabilities in your product. important: unlike in other open source scanning softwares (e.g. black duck protex, palamida, openlogic, protecode), your code will not be uploaded to whitesource's servers. warn when a new open source vulnerability is discovered in your product, even if it’s a released. Vega is a free and open source web security scanner and web security testing platform to test the security of web applications. vega can help you find and validate sql injection, cross-site scripting (xss), inadvertently disclosed sensitive information, and other vulnerabilities..
