- Fuzzing:
- rats
- yasca
- DevSkim
- flawfinder (additionally contains another list of tools)
- clint
- adlint
- OCLint
- JLint
- JavaScript Lint
- ESLint
- PHPLint
- RIPS
- sparse
- Clang Static Analyzer
- pscan
- Cppcheck
- mops
- boon
- Bandit
- Stanse
- Spike PHP Security Audit Tool
- php-grinder
- blast
- its4
- graudit
- FindBugs
- ScanJS (replacement)
- JSPrime
- Retire.js
- PMD
- Milk
- lapse-plus
- sqlmap
- skavenger
- websecurify
- skipfish
- Grabber
- watobo
- smatch
- Valgrind
- The Mole
- OWASP Tools
- List of tools for static code analysis
- Tools & Tips for auditing code
- mustache-security - A wiki dedicated to JavaScript MVC security pitfalls
- Kali Linux Linux distribution with security tools (has grown out of Backtrack so if anyone suggests Backtrack, you actually want to use Kali)
