The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities.

another web testing tool called FunkLoad. This python application can be used for functional and regression testing of web applications.

WebLOAD stress and load testing tool has been released by Radware as open source. The Commercial-Grade Open Source Load Testing Solution from RadView. Load-test any Internet Application, including applications that use Web 2.0 & AJAX.

It is very common today for malware to “call home” upon infecting a victim computer and this is exactly where White Trash kicks in : It is a user driven dynamic white listing system that guarantees that the outgoing HTTP connections have been initiated by real users. A nice side effect is holding the users responsible for all the browsing history recorded by the system.

It’s about storing unique MD5 hashes in the title of numerous pages spidered by Google . You may call it an implementation of an hash search engine using Google.

Acunetix Web Vulnerability Scanner 5 is definitely a most valuable ally in the battle against web security risks. This versatile software has successfully tackled the 80 / 20 problem of advanced software applications. It delivers good value for the money even if you use just 20 percent of it’s features, whereas in the hands of an web application security professional it reveals the 80 percent reserve of raw power.

Tenable’s new Passive Vulnerability Scanner (PVS) which can monitor traffic for as much as 25,000 systems whilst passively detecting vulnerabilities.

Google has released it’s Safe Browsing API thus giving access to any application to it’s malware URL database. The Safe Browsing API is an API that allows client applications to check URLs against Google’s constantly-updated blacklists of suspected phishing and malware pages.

Andres Riancho has released w3af 1.0 - the Web Application Attack and Audit Framework.This framework is written in python and resembles a bit to metasploit having an architecture based on plugins

I read today about a new tool for web brute forcing : DirBuster. It is a multi threaded java application designed to brute force directories and files names on web/application servers.