Web Site Test Tools and Site Management Tools
More than 580 tools listed in 14 categories
Organization of Web Test Tools Listing - this tools listing has been loosely organized into the following categories:
Note: Categories are not well-defined and some tools could have been listed in several categories; the 'Web Site Management Tools' category includes products that contain: site version control tools, combined utilities/tools, server management and optimization tools, and authoring/publishing/deployment tools that include significant site management or testing capabilities. Suggestions for category improvement are welcome; see bottom of this page to send suggestions.
Check listed tool/vendor sites for latest product capabilities, supported platforms/servers/clients, etc. New listings are periodically added to the top of each category section. Note that tools lower in the list in each section are not necessarily 'old', have stood the test of time, and have often been updated to have the latest capabilities. Date of latest revision of this list is shown at bottom of the page.
Also see Web Site Testing FAQ in the FAQ Part 2 for a discussion of web site testing considerations; also see What's the best way to choose a test automation tool? in the LFAQ section; there are also articles about web site testing and management in the 'Resources' section.
Load and Performance Test Tools
Agileload - Load test tool from Agile Load SA for testing all types of web and mobile applications. Main features include automatic recording of test scenarios, distributed load injectors, topological and threshold analysis of anomalies, infrastructure monitoring, creation of custom test reports for each user profile. Also available in the Amazon EC2. For Web Services, Html/Ajax, Web 2.0 such as Adobe Flash/Flex, J2EE, .Net, PHP, Mainframe Portals, ERP/CRM Portals, Microsoft Silverlight,Microsoft Sharepoint.
Load Tester LITE - Free/low cost load test tool from Web Performance, Inc. - lite version of its Load Tester PRO? 5 software. Run test cases with up to 1,000,000 virtual users at no cost from user-hosted servers, or from cloud servers starting at just $1 per hour. For testing fundamental aspects of website performance such as raw bandwidth, firewall and load balancer throughput, and especially single page load times.
LoadZen - Cloud-based load testing service from LoadZen that enables emulation of tens of thousands of virtualized concurrent users. Capabilities include variable ramp-up rates to change test traffic patterns, randomised virtual user behaviour, scheduled testing, and more. Free to use for up to 25 concurrent users.
Tsung - Free open-source multi-protocol distributed load testing tool supported by Process-One. Can be used to stress HTTP, WebDAV, SOAP, PostgreSQL, MySQL, LDAP and Jabber/XMPP servers. SSL is also supported. OS monitoring (CPU, memory and network traffic) using SNMP, Munin or Erlang agents on remote servers. XML configuration system; several sessions can be used to simulate different type of users. Dynamic sessions can be described in XML. User think-times and the arrival rate can be randomized using a probability distribution. HTML reports can be generated during the load to view response times measurement, server CPU, etc. Developed in Erlang.
Telerik Test Studio - Telerik Test Studio load testing add-on. Load tests can be created by using existing functional tests or Fiddler logs or can be captured from scratch. Features a single VU license type to cover a range of technologies and protocols and extremely powerful load agents capable of generating high user load without extreme increase in hardware/system requirements.
Loadster - Load testing tool from Brickyard Technologies, Inc. oriented to testing websites, web applications, and HTTP web services; includes graphical script editor, live reporting, and unlimited virtual users. Execute multiple scripts simultaneously, with multiple virtual user populations, ramp user load up and down with almost infinite possibilities, simulate network bandwidth for virtual users, adjust or randomize wait times, and add thresholds to fine-tune test inputs. Free and $ versions available.
Loadtracer - Web load testing tool from Trace Technologies Pvt. Ltd. Includes a recorder, simulator, and Analyzer. Recorder supports parameterization, variable management, response validation; simulator supports up to several thousand virtual users; analyzer can generate graphs and reports that are exportable into various formats.
HttpRider - A lightweight, open source tool for web site load, performance and stress testing developed in .NET; by Alexandru Botez. Creates http scenarios by profiling http requests using Fiddler and replicates them based on user configuration. Can customize query string and post parameters by binding them to a custom data source to mimic non-identical requests. Requires Windows with .NET 4.0
LoadUI - Free open source load testing tool from SmartBear Software. Paid pro version adds Server Monitoring, Distribution, and Results Comparison. Java-based so works on multiple platforms. Works from command line or UI. Handles SOAP/WSDL, JDBC, RESTful Services, HTTP, HTTPS, more.
AppViewWeb - Cloud-based performance testing service from AppNeta that provides visibility into the network performance of web applications. Especially useful for QA test engineers conducting application pre-deployment testing on WAN networks. When testing web-based applications for CRM, VoIP, Video, Citrix, VMware and database management applications it's helpful to understand the performance of these applications from the perspective out to remote site end users; AppViewWeb provides such insight.
Multi-Mechanize - Multi-Mechanize is an open source framework by Corey Goldberg for web performance and load testing. It allows you to run simultaneous python scripts to generate load (synthetic transactions) against a web site or web service. Results can be saved in CSV format along with an HTML report containing stats and graphs. Proficiency with Python, HTTP, and performance/load testing is recommended to use Multi-Mechanize successfully.
Load2Test - Performance/load/stress/high availability testing tool from Enteros Inc. Can capture real production workload for playback simulating thousands of users for top down testing or back-end testing at the component layer. Also available in the Amazon EC2, RackSpace or PlatForm Labs cloud environments. Integrated performance management and root cause analysis system automatically collects performance metrics across load test infrastructure and applies cross-component correlation to identify performance degradations and bottlenecks. Targeted platforms/OS's: Load2Test Controller: Windows, Linux; Load2Test Test Nodes: Windows, Linux. Load2Test performance monitors and root cause analysis data collectors - OS: Windows, Linux, HP/UX, SUN Solaris, IBM AIX Databases: Oracle, DB2, SQL Server, Sybase, MySQL, PostgreSQL; App: .NET, JBoss, WebLogic, WebSphere, Oracle Application Server (OAS), GlassFish, Tomcat, JettyStorage: NetApp Filers, IBM DS8300
Blazemeter - Self-service, on-demand, cloud-based load testing. Simulate any user scenario for webapps, websites, mobile apps or web services. Launch a single dedicated server or a cluster of 100. Apache JMeter compatible - pre-configured JMeter environments with up to 144 CPU cores and 500 GB of memory. Set geo locations from among choices worldwde. Set up tests, access test results, view test reports, compare past test reports and more, all on a unitary console. Use your VPN credentials to integrate a series of Blazemeter dedicated load servers into your private network for testing behind your firewall. Free tools and resources for tips and tricks to optimize website and app performance.
Load-Intelligence - Affordable load-testing ?Software as a Service? from Cloud-Intelligence. Software and unlimited hardware all included. JMeter users can execute their test-scripts in an unlimited, pre-configure, distributed environment. Neither setup nor installation are required. Immediate access to JMeter logs, reports, test script, CSV files and more.
LoadStorm - A web-based load testing tool/service as a distributed application that leverages the power of Amazon Web Services to scale on demand with processing power and bandwidth as needed. As the test loads increase to hundreds or thousands of virtual users, LoadStorm automatically adds machines from Amazon's server farm to handle the processing. Tests can be built using the tool in such a way as to simulate a large number of different users with unique logins and different tasks.
Neustar Web Performance - On-demand, self-service, pay-as-you-go service from Neustar enables simulation of large volumes of real browsers hitting a website. Utilizes Selenium. Uses cloud-based real or emulated browsers, AJAX & Flash support. Browser screen shots of errors included in reports.
Load Impact - Online load testing service from Gatorhole/loadimpact.com for load- and stress- testing of your website over the Internet; access to our distributed network of load generator nodes - server clusters with very fast connections to enable simulation of tens of thousands of users accessing your website concurrently. Free low level load tests for 1-50 simulated users; higher levels have monthly fees.
Pylot - Open source tool by Corey Goldberg for generating concurrent http loads. Define test cases in an XML file - specify requests - url, method, body/payload, etc - and verifications. Verification is by matching content to regular expressions and with HTTP status codes. HTTP and HTTPS (SSL) support. Monitor and execute test suites from GUI (wxPython), and adjust load, number of agents, request intervals, ramp-up time, test duration. Real-time stats and error reporting are displayed.
AppLoader - Load testing app from NRG Global for web and other applications accessible from a Windows desktop; generates load from the end user's perspective. Protocol independent and supports a wide variety of enterprise class applications. Integrates with their Chroniker monitoring suite so results of load testing can be correlated with system behavior as load is increased. Runs from Win platforms.
fwptt - Open source tool by Bogdan Damian for load testing web applications. Capabilities include handling of Ajax. Generates tests in C#. For Windows platforms
JCrawler - An open-source stress-testing tool for web apps; includes crawling/exploratory features. User can give JCrawler a set of starting URLs and it will begin crawling from that point onwards, going through any URLs it can find on its way and generating load on the web application. Load parameters (hits/sec) are configurable via central XML file; fires up as many threads as needed to keep load constant; includes self-testing unit tests. Handles http redirects and cookies; platform independent.
Curl-Loader - Open-source tool written in 'C', simulating application load and behavior of tens of thousand HTTP/HTTPS and FTP/FTPS clients, each with its own source IP-address. In contrast to other tools curl-loader is using real C-written client protocol stacks, namely, HTTP and FTP stacks of libcurl and TLS/SSL of openssl. Activities of each virtual client are logged and collected statistics include information about: resolving, connection establishment, sending of requests, receiving responses, headers and data received/sent, errors from network, TLS/SSL and application (HTTP, FTP) level events and errors.
Gomez Web Load Testing - An on-demand load testing service from Gomez.com/Compuware. Utilizes Gomez?s Active Network providing on-demand active monitoring from 150+ enterprise-grade servers running in world-class, high-bandwidth data centers around the globe, and Gomez?s Active Last Mile which provides on-demand active monitoring from 150,000+ real, consumer-grade desktops in 168+ countries.
StressTester - Enterprise load and performance testing tool for web applications from Reflective Solutions Ltd. Advanced user journey modeling, scalable load, system resources monitors and results analysis. No scripting required. Suitable for any Web, JMS, IP or SQL Application. OS independent.
The Grinder - A Java-based load-testing framework freely available under a BSD-style open-source license. Orchestrate activities of a test script in many processes across many machines, using a graphical console application. Test scripts make use of client code embodied in Java plug-ins. Most users do not write plug-ins themselves, instead using one of the supplied plug-ins. Comes with a mature plug-in for testing HTTP services, as well as a tool which allows HTTP scripts to be automatically recorded.
Proxy Sniffer - Web load and stress testing tool from from Ingenieurb?ro David Fischer GmbH Capabilities include: HTTP/S Web Session Recorder that can be used with any web browser; recordings can then be used to automatically create optimized Java-based load test programs; automatic protection from "false positive" results by examining actual web page content; detailed Error Analysis using saved error snapshots; real-time statistics.
Testing Master - Load test tool from Novosoft, capabilities include IP spoofing, multiple simultaneous test cases and website testing features for sites with dynamic content and secure HTTPS pages.
JKool Online - Performance measurement and monitoring service from Nastel Inc. for web-based J2EE and SOA applications; start and stop live data monitoring whenever needed; drills down to JMS, JDBC, method calls, servlets and sessions with simple one-click option to view live session details; built-in support for jBoss, WebLogic and IBM WebSphere Application Server.
Funkload - Free web load testing, stress testing, and functional testing tool by Benoit Delbosc written in Python and distributed as free software under the GNU GPL. Emulates a web browser (single-threaded) using webunit; https support; produces detailed reports in ReST, HTML, or PDF.
Avalanche - Load-testing appliance from Spirent Communications, designed to stress-test security, network, and Web application infrastructures by generating large quantities of user and network traffic. Simulates as many as two million concurrently-connected users with unique IP addresses, emulates multiple Web browsers, supports Web Services testing Supports HTTP 1.0/1.1, SSL, FTP, RTSP/ RTP, MS Win Media, SMTP, POP3, DNS, Telnet, and Video on Demand over Multicast protocols.
Loadea - Stress testing tool runs on WinXP; free evaluation version for two virtual users. Capture module provides a development environment, utilizes C# scripting and XML based data. Control module defines, schedules, and deploys tests, defines number of virtual users, etc. Analysis module analyzes results and provides reporting capabilities.
LoadManager - Load, Stress, Stability and Performance testing tool from Alvicom. Runs on all platforms supported by Eclipse and Java.
QEngine Performance Tester - Automated testing tool from Zoho Corp. for performance testing (load and stress testing) of web applications and web services; J2EE, .NET, AJAX, PHP, Ruby on Rails, SOAP Web Services etc. Supports multiple browsers on Linux and Windows.
LoadUIWeb Pro - Automated web load test tool from SmartBear Software. Generate local load or from the cloud. Record scenarios and optimize load model using the freehand workload modeling tool. Collects server performance data for inclusion in reports.
QTest - Web load testing tool from Quotium Technologies SA. Capabilities include: cookies managed natively, making the script modelling phase shorter; HTML and XML parser, allowing display and retrieval of any element from a HTML page or an XML flux in test scripts; option of developing custom monitors using supplied APIs; more.
Test Perspective Load Test - Do-it-yourself load testing service from Keynote Systems for Web applications. Utilizes Keynote's load-generating infrastructure on the Internet; conduct realistic outside-the-firewall load and stress tests to validate performance of entire Web application infrastructure.
SiteTester1 - Load test tool from Pilot Software Ltd. Allows definition of requests, jobs, procedures and tests, HTTP1.0/1.1 compatible requests, POST/GET methods, cookies, running in multi-threaded or single-threaded mode, generates various reports in HTML format, keeps and reads XML formatted files for test definitions and test logs. Requires JDK1.2 or higher.
httperf - Web server performance/benchmarking tool from HP Research Labs. Provides a flexible facility for generating various HTTP workloads and measuring server performance. Focus is not on implementing one particular benchmark but on providing a robust, high-performance, extensible tool. Available free as source code.
WAPT - Web load and stress testing tool from SoftLogica LLC. Handles dynamic content and HTTPS/SSL; easy to use; support for redirects and all types of proxies; clear reports and graphs.
Visual Studio Test Professional - A suite of testing tools for Web applications and services that are integrated into the Microsoft Visual Studio environment. These enable testers to author, execute, and manage tests and related work items all from within Visual Studio. Includes Lab Management capabilities.
OpenLoad - Affordable and completely web-based load testing tool from OpenDemand; knowledge of scripting languages not required - web-based recorder can capture and translate any user action from any website or web application. Generate up to 1000 simultaneous users with minimum hardware.
Apache JMeter - Java desktop application from the Apache Software Foundation designed to load test functional behavior and measure performance. Originally designed for testing Web Applications but has since expanded to other test functions; may be used to test performance both on static and dynamic resources (files, Servlets, Perl scripts, Java Objects, Data Bases and Queries, FTP Servers and more). Can be used to simulate a heavy load on a server, network or object to test its strength or to analyze overall performance under different load types; can make a graphical analysis of performance or test server/script/object behavior under heavy concurrent load.
Siege - Open source stress/regression test and benchmark utility; supports basic authentication, cookies, HTTP and HTTPS protocols. Enables testing a web server with a configurable number of concurrent simulated users. Stress a single URL with a specified number of simulated users or stress multiple URL's simultaneously. Reports total number of transactions, elapsed time, bytes transferred, response time, transaction rate, concurrency, and server response. Developed by Jeffrey Fulmer, modeled in part after Lincoln Stein's torture.pl, but allows stressing many URLs simultaneously. Distributed under terms of the GPL; written in C; for UNIX and related platforms.
JBlitz - Load, performance and functional test tool from Clan Productions. Runs multiple concurrent virtual users.to simulate heavy load. Validates each response using plain text or regular expression searches, or by calling out to your own custom code. Full Java API. For testing and 'bullet-proofing' server side software - ASPs, JSPs, servlets, EJBs, Perl / PHP / C / C++ / CGI scripts etc.
WebServer Stress Tool - Web stress test tool from Paessler AG handles proxies, passwords, user agents, cookies, AAL.
Web Polygraph - Freely available benchmarking tool for caching proxies, origin server accelerators, L4/7 switches, and other Web intermediaries. Other features: for high-performance HTTP clients and servers, realistic traffic generation and content simulation, ready-to-use standard workloads, powerful domain-specific configuration language, and portable open-source implementation. C++ source available; binaries avail for Windows.
OpenSTA - 'Open System Testing Architecture' is a free, open source web load/stress testing application, licensed under the Gnu GPL. Utilizes a distributed software architecture based on CORBA. OpenSTA binaries available for Windows.
PureLoad - Java-based multi-platform performance testing and analysis tool from PureLoad Software. Includes 'Comparer' and 'Recorder' capabilities, dynamic input data, scenario editor/debugger, load generation for single or distributed sources.
ApacheBench - Perl API for Apache benchmarking and regression testing. Intended as foundation for a complete benchmarking and regression testing suite for transaction-based mod_perl sites. For stress-testing server while verifying correct HTTP responses. Based on the Apache 1.3.12 ab code. Available via CPAN as .tar.gz file.
Torture - Bare-bones Perl script by Lincoln Stein for testing web server speed and responsiveness and test stability and reliability of a particular Web server. Can send large amounts of random data to a server to measure speed and response time of servers, CGI scripts, etc.
WebSpray - Low-cost load testing tool from CAI Networks; includes link testing capabilities; can simulate up to 1,000 clients from a single IP address; also supports multiple IP addresses with or without aliases. For Windows.
eValid LoadTest - Web test tool from Software Research, Inc that uses a 'Test Enabled Web Browser' test engine that provides browser based 100% client side quality checking, dynamic testing, content validation, page performance tuning, and webserver loading and capacity analysis.
Load Testing by Web Performance - Load test tool emphasizing ease-of-use, from Web Performance Inc. Supports all browsers and web servers; records and allows viewing of exact bytes flowing between browser and server; no scripting required. Modem simulation allows each virtual user to be bandwidth limited. Can automatically handle variations in session-specific items such as cookies, usernames, passwords, IP addresses, and any other parameter to simulate multiple virtual users. For Windows, Linux, Solaris, most UNIX variants.
Optima Quality Studio - A collection of load testing, capture/playback, and related tools from Technovations for performance testing of web sites. Modules include WebCorder, Load Director, Report Generator, Batch, Manager, and others. WebSizer load testing module supports authentication, SSL, cookies, redirects. Recorded scripts can be modified manually. For Windows.
FORECAST - Load testing tool from Facilita Software for web, client-server, network, and database systems. Capabilities include proprietary, Java, or C++ scripting; windows browser or network recording/playback. Supports binary encoded data such as Adobe Flex/AMF, Serialised Java objects etc.SSL; supports NTLM, kerberos, proxies, authentication, redirects, certificates, cookies, caching, bandwidth limitation and page validation. Virtual user data can be parameterized. Works with a wide variety of platforms.
http-Load - Free load test application from ACME Labs to generate web server loads, from ACME Software. Handles HTTP and HTTPS; for Unix.
QALoad - Tool from Microfocus (formerly from Compuware) for load/stress testing of web, database, and character-based systems. Supports HTTP, SSL, SOAP, XML, Streaming Media. Works with a variety of databases, middleware, ERP.
IBM Rational Performance Tester - Performance testing tool from IBM/Rational; has optional extensions to Seibel applications and SAP Solutions. Supports Windows, Linux and z/OS as distributed controller agents; provides high-level and detailed views of tests.
SilkPerformer - Enterprise-class load-testing tool from Microfocus (formerly from Borland, formerly from Segue). Can simulate thousands of users working with multiple protocols and computing environments. Allows prediction of behavior of e-business environment before it is deployed, regardless of size and complexity.
Loadrunner - HP's (formerly Mercury's) load/stress testing tool for web and other applications; supports a wide variety of application environments, platforms, and databases. Large suite of network/app/server monitors to enable performance measurement of each tier/server/component and tracing of bottlenecks.
Link Checking Tools
Checkerr - Simple website tester/link checker. Start from a dashboard and drill down to any errors. Every error is represented as an error card, with help inline; includes broken link highlighter. Free and $$ plans available; Free plan includes up to 20,000 URLs, delayed manual tests, email alerts upon test finish.
SpringTrax - Link checking service from SpringTrax, Inc.; includes prioritizing of broken links.
LinkTiger - Hosted link checker; free and $pro versions. Capabilities include e-mail alerts, dashboard, reporting; canned reports or create rich custom reports. Scans PDF, CSS, Flash and MS Office files, flash-animation.
HiSoftware Link Validation Utility - Link validation tool; available as part of the AccVerify Product Line from HiSoftware Inc.
Link Checker Pro - Link check tool from KyoSoft; can also produce a graphical site map of entire web site. Handles HTTP, HTTPS, and FTP protocols; several report formats available. For Windows platforms.
Web Link Validator - Link checker from REL Software checks links for accuracy and availability, finds broken links or paths and links with syntactic errors. Export to text, HTML, CSV, RTF, Excel. Freeware 'REL Link Checker Lite' version available for small sites. For Windows.
Site Audit - Low-cost on-the-web link-checking service from Blossom Software.
Xenu's Link Sleuth - Freeware link checker by Tilman Hausherr; supports SSL websites; partial testing of ftp and gopher sites; detects and reports redirected URL; Site Map; for Windows.
Linkalarm - Low cost on-the-web link checker from Link Alarm Inc.; free trial period available. Automatically-scheduled reporting by e-mail.
Alert Linkrunner - Link check tool from Viable Software Alternatives; evaluation version available. For Windows.
LinkScan - Electronic Software Publishing Co.'s link checker/site mapping tool; capabilities include automated retesting of problem links, randomized order checking; can check for bad links due to specified problems such as server-not-found, unauthorized-access, doc-not-found, relocations, timeouts. Includes capabilities for central management of large multiple intranet/internet sites. Results stored in database, allowing for customizable queries and reports. Validates hyperlinks for all major protocols; HTML syntax error checking. For all UNIX flavors, Windows, Mac.
CyberSpyder Link Test - Shareware link checker by Aman Software; capabilities include specified URL exclusions, ID/Password entries, test resumption at interruption point, page size analysis, 'what's new' reporting. For Windows.
Total Validator - Java-based desktop tool validates HTML / XHTML / WCAG / Section 508 / Links / Spelling; free and pro versions. HTML validation against the W3C Specifications; accessibility validation against the WCAG (1.0 and 2.0) and US Section 508 standard; checks each page for broken links; spell checks (English, French, Italian, Spanish, German), 1-click validation using the Firefox/SeaMonkey extension, choice of browser identification to use when checking websites. Works on a wide varity of operating systems.
RealValidator - Shareware HTML validator based on SGML parser by Liam Quinn. Unicode-enabled, supports documents in virtually any language; supports XHTML 1.0, HTML 4.01, HTML 4.0, HTML 3.2, HTML 3.0, and HTML 2.0 ; extensible - add proprietary HTML DTDs or change the existing ones; fetches external DTDs by HTTP and caches them for faster validation; HTML 3.2 and HTML 4.0 references included as HTML Help. For Windows.
HTML Validator - Firefox add-on, open source by Marc Gueury. The validation is done on your local machine inside Firefox and Mozilla. Error count of an HTML page is seen as an icon in the status bar when browsing. Can validate the HTML sent by the server or the HTML in the memory (after Ajax execution). Error details available when viewing the HTML source of the page. Based on Tidy and OpenSP (SGML Parser). Available in 17 languages and for Windows and other platforms.
CSE 3310 HTML Validator - HTML syntax checker for Windows from AI Internet Solutions. Supports wide variety of standards; accessibility (508) checking; uppercase/lowercase converter. Free 'lite' version. For Windows.
(Note: Many of the products listed in the Web Site Management Tools section include HTML validation capabilities.)
Free On-the-Web HTML Validators and Link Checkers
Site Check - Type in one URL and automatically run HTML and stylesheet validators, accessibility assessment, link check, load time check, and more. Organizes access to a collection of free online web test tools. Site of UITest.com/Jens Meiert. Also lists a wide variety of free online web analysis/development/test tools.
CynthiaSays Portal - Free web content accessibility/508 validation tool; checks one page at a time. Designed to identify errors in content related to Section 508 standards and/or the WCAG guidelines. The HiSoftware CynthiaSays portal is a joint Education and Outreach project of HiSoftware, ICDRI, and the Internet Society Disability and Special Needs Chapter.
Link Valet - Online link checker, includes capability for hilighting links modified since a specified date.
WDG HTML Validator - Web Design Group's validator - latest HTML version support, flexible input methods, user-friendly error messages.
Web Page 'Purifier' - Free on-the-web HTML checker by DJ Delorie allows viewing a page 'purified' to HTML 2.0, HTML 3.2, HTML 4.0, or WebTV 1.1. standards.
W3C HTML Validation Service - HTML validation site run by the WWW Consortium (the folks who set web standards); handles one URL at a time; Can choose from among 30 character encoding types, and multiple HTML and XHTML document types/versions.
W3C CSS Validation Service - CSS validation site run by the WWW Consortium (the folks who set web standards); handles one URI at a time; or upload file or validate by direct input.
W3C Link Checker - Link checking service run by the WWW Consortium (the folks who set web standards); configurable. Handles one URL at a time. PERL source also available for download.
Weblint Gateway - Site with online HTML validator; somewhat configurable. Site provided by San Francisco State University.
Web Page Backward Compatibility Viewer - On-the-web HTML checker by DJ Delorie; will serve a web page to you with various selectable tags switched on or off; very large selection of browser types; to check how various browsers or versions might see a page.
PERL and C Programs for Validating and Checking
W3C Link Checker - Link checker PERL source code, via the WWW Consortium (the folks who set web standards); configurable. Handles one URL at a time. See 'Download' link.
HTML TIDY - Free utility available from SourceForget.net; originally by Dave Raggett. For automatic fixing of HTML errors, formatting disorganized editing, and finding problem HTML areas. Available as source code or binaries.
Big Brother - Freeware command-line link checker for Unix, Windows, by Francois Pottier. Available as source code; binary available for Linux.
LinkLint - Open source Perl program checks local/remote HTML links. Includes cross referenced and hyperlinked output reports, ability to check password-protected areas, support for all standard server-side image maps, reports of orphan files and files with mismatching case, reports URLs changed since last checked, support of proxy servers for remote URL checking. Distributed under Gnu General Public License. Has not been updated in recent years.
HTMLchek for awk or perl - Old but still useful HTML 2.0 or 3.0 validator programs for AWK or PERL by H. Churchyard; site has much documentation and related info. Not updated in recent years.
Cross-browser testing tools/services
Gridlastic - Cloud based selenium grid cross-browser testing tool from Gridlastic LLC that enables launching your own selenium grid in any Amazon data region. With 1 click you get an instant selenium maintenance-free auto-scaling cross browser testing infrastructure. The grid environment is updated regulary to support new browsers and selenium versions. Videos of every test are available for debugging.
Lunascape - A free 'triple engine' web browser from Lunascape Corp. that includes the three most popular rendering engines Trident (IE), Gecko (Firefox) and Webkit (Chrome and Safari). By clicking the smart engine-switch button next to the address bar, a user can switch rendering engine for any page, enabling running and testing of a website in multiple rendering engines. Comparisons can be made side by side with it's Cascade view/tiled windows. For Windows platforms. Also included is a 'switch user agent' capability. Supports add-ons of IE and Gecko (Firefox), plus add-ons made specifically for Lunascape. For multiple platforms.
BrowserStack - Web-based browser testing for hundreds of desktop/mobile/tablet browser-platform combinations. Capabilities include selenium automation integration, tunneling to any local server environment, HTTPS. Stacks include a wide variety of developer tools.
IEVMS - Open source multi-IE version cross browser VM tool from Greg Thornton. Microsoft provides virtual machine disk images to facilitate website testing in multiple versions of IE, regardless of the host operating system. With a single command, you can have IE6, IE7, IE8, IE9, IE10 and IE11 running in separate virtual machines. Requires Virtual Box, Curl, Linux.
DOMReactor - Online suite of tools for web cross-browser consistency testing, using a combination of positional data collected from the DOM, computer vision and human training to generate meaningful diffs. Provides layout analysis as well as screenshots. Capabilities include: automatically traverse the DOM in each browser and report inconsistencies; calibrate sensitivity of the comparison. Supports most major browsers/OSs. Components include: DomGun - reports abnormalities in DOM; DomDrone maps out and probes navigational structure; DomServo - clicks buttons links etc and reports on iissues; RedGlass - open source tool works with Selenium to observe browser events and provide an interactive log showing changes to DOM during automation session.
TestingBot - Cloud-based automated cross-browser testing service from TestingBot - utilize Selenium tests to run in the cloud on the TestingBot grid infrastructure. Compose a Selenium test with simple commands. Includes capability to run via a provided ssh tunnel allowing tests during development against staging code/environments. Also allows running tests at a specific time and interval, with failure alerts. Infrastructure includes many browsers, browser versions, OS platforms, and mobile platforms.
BrowserPhoto - Cross-browser checking online service from Keynote NetMechanic - takes snaphsots of web site pages in a wide variety of different browsers/versions/screen sizes/configurations.
Spoon - App emulation service that runs cloud-based applications from any Windows desktop with no installs; requires installation of Spoon browser plugin. Provides free versions of Firefox, Chrome, Opera and Safari with multiple versions of each. IE is not included. Paid $ Spoon Server and Spoon Studio also available.
BrowserBox - Appliance for cross browser testing by Jacob Rask; a virtual machine that runs in VirtualBox, VMWare, or from live boot CD or USB memory stick. Has multiple browsers and versions, including some mobile browsers, but does not include some older IE versions. Based on Linux distribution openSUSE, but don't need to have Linux installed or have Linux experience.
Utilu - Free utilities from Utilu that contain collections of standalone versions of IE or Firefox browsers; multiple versions can be used at the same time. Utilu Mozilla Firefox Collection contains more then ten versions of Firefox (English versions only); also includes the Firebug and Web Developer add-ons and Flash player; configurable to install only specified desired version. Supports upgrading - no need to uninstall a previous version before installing a newer version. Utilu IE Collection contains more than ten versions of Internet Explorer (English versions only); configurable to install only specified desired version; original version number is shown correcty in the User Agent string; version number also shown in window title; includes the IE Developer Toolbar.
Browsercam - Online cross-browser testing service from Compuware/Gomez. Screen capture service lets you submit single or multiple URL's, choose the browsers and operating systems you want to see, and screen captures of your webpage are loaded in the different browsers and operating systems you selected.
Browsershots - Free online cross browser/OS comparison testing. Choose browser OS, browser, and versions of interest and submit URL and site responds with a collection of screen shots.
Multi-Browser Viewer - Cross browser testing solution from TWD Solutions Pte Ltd. includes a wide variety of standalone virtualized browsers, multiple standalone mobile browsers or simulators, wide variety of screen capture image browsers; Screenshot comparison function (?Onion Skin? or ?Side-by-Side?); available in multiple languages.
BrowserSeal - Multi browser website screenshot tool - capture an image of web site under multiple browsers Supports multiple versions of IE, Firefox, Google Chrome, Opera, Safari. Optimized for speed. Comes with standalone versions of all major browsers to verify site layout issues and troubleshoot functionality issues. The Automated edition adds the ability to automatically capture multiple URLs without user intervention, and command-line control enabling use in automation scripts. For Windows platforms.
IE Netrenderer - Free site allows you to check how a website is rendered by Internet Explorer 10, 9, 8, 7, 6 or 5.5, as seen from a high speed datacenter located in Germany. Just type in a URL. Able to process a large number of capturing jobs in parallel and in realtime, making for fast service. From GEOTEK Netzwerkservice Berlin.
Litmus - Cross-browser testing service from Salted Services Inc.; oriented to html email testing; but also does 'landing page' cross browser testing for 8 different web browsers.
Web Functional/Regression Test Tools
SeLite - SeLite is an open source extension of the Selenium IDE that enhances automation of Firefox; by Peter Kehl. It enables functional testing of web applications with an isolated test database, (isolated from the DB of the tested application). Other enhanced capabilities include: management and customisation of test configuration settings, extra test actions (e.g. random input generators), loading user extensions and their dependencies in order (ExtensionSequencer), making a snapshot and reverting test DB and app DB directly from Selenium IDE.
TestCafe - Functional web testing framework from Developer Express Inc.; can run tests in any browser that supports HTML5 (including IE9+, Chrome, Firefox, Safari, Opera). OS agnostic - run tests on Win, Mac or Linux. Run tests on remote computers and mobile devices, in multiple browsers and on multiple machines simultaneously. Also eliminates out-of-process browser plug-ins, and provides wrapper-free access to DOM via jQuery or a browser's API. Ships with powerful built-in visual test recorder, and can execute generated tests on demand or as part of a CI system.
ZapTest/Zap-Fix - Offers true cross/platform cross/environment test automation. From Zap Technologies. With 1Script technology user can automate any GUI on any OS; execute it throughout these environments with same script; execute same script at once across different workstations/mobile devises (ZAP MultiRun add-in). For Windows; Mac; Linux; iOS; Android; Blackberry; WinMo. Ingrates with HP ALM and UFT (optional add-in)
HttpMaster - Web app test automation tool from Borvid. Test RESTful web services, API applications, and classic websites. Key features are dynamic parameters, response data validation rules, response data viewers, properties to fine tune web requests, intuitive user interface, and 'quick help' buttons. Express (Free) and Pro verdsions available. For Win platforms.
Runscope Radar - API test automation service from Runscope Inc. for automated testing and monitoring of APIs and backend services. Build tests that verify services are returning expected data and receive notifications when things go wrong. Works with their API Traffic Inspector. Free and paid plans available.
TOSCA Testsuite - Integrated functional testing and test management tool from TRICENTIS Technology & Consulting GmbH., for manual and automated testing, UI and non-UI, Mobile/Smart Device, Cross-Browser, SAP as well as Data Warehouse and BI Testing. Delivers a single administrative interface for manual, semi-automated, and fully automated test cases. Provides comprehensive integration with SAP, popular ALM systems, like HP, IBM, Polarion, popular defect tracking solutions and others.
RIATest - Web UI testing tool from Cogitek, for HTML, jQuery, Sencha ExtJS, Windows 8 Store apps, etc. Also supports Adobe AIR, Flex, simulation of OS level mouse and keyboard events on GUI elements, image-based automation. Can verify that a GUI element has certain appearance or contains a certain subimage inside or near it. Recorder, component inspector, RIAScript scripting language and debugger. For Win and Mac OS X platforms - scripts interoperable between both
GEB - Open source cross browser automation tool leverages the WebDriver library for browser automation - Works with any browser that WebDriver works with. Supports remote and headless browsers. JQuery-like API. Supports the Page Object pattern, leveraging Groovy's DSL; provides integration modules for popular testing frameworks such as Spock, JUnit, TestNG, EasyB and Cucumber (via Cuke4Duke).
Mink - Open source PHP Web acceptance testing framework library. Mink driver is a simple class implementing Behat\Mink\Driver\DriverInterface. (Behat is an open source BDD tool in PHP which comes bundled with Mink.) Comes with four drivers out of the box: GoutteDriver for the Goutte pure-php headless browser, SahiDriver for the Sahi JS browser controller; ZombieDriver for the Zombie.js headless browser emulator; SeleniumDriver for (deprecated) Selenium RC; and Selenium2Driver for Selenium Webdriver.
Screenster - Image-based functional and regression test automation service for web apps using screenshots on each step comparing them to baseline, allowing verification of changes or lack of changes to UI. Differences are detected between a baseline and regression run screenshots, and are visually highlighted on screen. Tester can approve the difference as expected change, ignore it from future comparison for dynamic parts of the UI, or designate as a failed test. Full access to Selenium API when needed.
Sauce Labs - Online service from Sauce Labs enables cloud-based testing on hundreds of real VM-based devices/browsers/OSs/versions for Selenium Webdriver/SeleniumRC/Appium, JS unit test automation, Appium mobile native/web/hybrid app test automation, and manual testing. Reports can include metadata, access to log files, list of commands and responses, screenshots, screencast, etc. Access to a live remote desktop session while running tests, can breakpoint tests to enable stopping/investigating problems. SauceConnect available for secure tunneled testing of local or firewalled sites. Plugins available for Travis, Jenkins, Bamboo, more.
Open-source tool set, originally from Thoughtworks. Consists of multiple related tools/projects including:
* Selenium IDE, a Firefox add-on for record/playback tests in Firefox 2+; can be used to generate code to run tests with Selenium Remote Control.
* Selenium Remote Control, a client/server system enabling control of web browsers locally or on other computers, using almost any programming language and testing framework.
* Selenium WebDriver, for driving a browser natively either locally or on remote machines. Works with most browsers and OS's.
* Selenium Grid, which enables use of Selenium Remote Control to run tests on many servers simultaneously, reducing time needed to test multiple browsers or OS's.
Selenium Grid - An open source web functional testing tool that can transparently distribute your tests on multiple machines to enable running tests in parallel, cutting down the time required for running in-browser test suites. This enables speed-up of in-browser web testing. Selenium tests interact with a 'Selenium Hub' instead of Selenium Remote Control. The Hub allocates Selenium Remote Controls to each test. The Hub is also in charge of routing the Selenium requests from the tests to the appropriate Remote Control as well as keeping track of testing sessions.
ios-driver - Open source tool for testing IOS native, hybrid, or mobile web apps using the Selenium/Webdriver API. Includes ios-driver Inspector to examine native app elements, similar to Firebug.
Watir - 'Web Application Testing in Ruby', an open-source family of web automation libraries in Ruby. The libraries support IE on Windows, Firefox on Windows, Mac and Linux, Safari on Mac, Chrome on Windows and Flash testing with Firefox. Note: Firewatir (targeting Firefox) was merged with Watir. For a listing of additional tools that are available to extend some capabilities - see the Watir site and also Alternative Tools for Web Testing' page at the OpenQA site for more info.
WatiN - 'Web Application Testing in .Net', an open-source tool, drives MSIE and Firefox browser and checks results. Uses C#. Automates all major HTML elements, find elements by multiple attributes, supports AJAX website testing, supports frames (cross domain) and iframes, supports popup dialogs like alert, confirm, login etc.,supports HTML dialogs (modal and modeless), and has a basic (extensible) logging mechanism Also available is a WatiN Test Recorder (also for recording tests for Celerity, SODA, WatiR)
Jubala - Open source tool for automated functional GUI testing for HTML and Java applications. Available as part of an Eclipse package, via an update site and as a standalone application with an easy-to-use installer. View current and previous test results in Jubula client; automatic screenshot on error. Supports HTML, Swing, SWT/RCP/GEF applications; heuristic object recognition, command line client for continuous integration, context-sensitive help in client, projects stored in multi-user database, portability and version control via exports in XML format. Contributed by BREDEX GmbH, who also develop GUIdancer, which is based on the Jubula core and offers additional features. Jubala is platform independent - Windows, Linux/Unix and Mac.
Fabasoft app.test - Web test tool from Fabasoft Distribution GmbH; tests are based on patterns to reduce the complexity of HTML and Java applications - no XPath or CSS expressions are stored in the test but meaningful and understandable statements. Patterns for web sites can be designed by using the point-and-click editor as an Eclipse Plugin. Tests can be recorded by using the point-and-click recorder in all supported web browsers (IE, Firefox, Safari) and immediately be replayed in all other browsers without modification. Various Ant-Tasks provide seamless integration into Continuous Integration systems like Hudson. Generates various reports as HTML or PDF; errors documented with screenshots and various dumps. Supports Win, Linux, Mac OS-X; free and premium $ versions available.
Janova - A web-based, automated web testing tool that runs functional tests securely in the cloud. Users configure Janova using project structures of Features (test scripts), Pages and Flows to access their web-based application and define the requirements of the site in English. Features describe how the application is supposed to work; once a feature has been created, a user defines what verification elements are supposed to be on the web page. Includes detailed test results reports.
Twist - Integrated Development Environment (IDE) from Thoughtworks Studios for agile functional testing of web apps and Java Swing apps. Uses an enhanced version of Selenium ("TwistSelenium") to drive web app testing, which has many fixes on top of Selenium, and adds functionality such as a recorder. Capabilities include: Express requirements directly as test specifications in English (or any UTF-8 supported language) using your domain language; map test specifications to the underlying code and navigate between them with IDE-support; out-of-the-box support for Test Driven Development. Java-based - runs on Windows, Linux and Mac OS X.
QF-Test - QF-Test/web from Quality First Software is a cross-platform software tool for cross-browser test automation of web-based applications (HTML, AJAX, ExtJS, GWT, RAP, ZK, Qooxdoo, Vaadin, PrimeFaces, RichFaces) and Java apps. Includes small-scale test management capabilities, capture/replay mechanism, intuitive user interface and extensive documentation, reliable component recognition and can handle complex and custom GUI objects, integrated test debugger and customizable reporting.
Fabasoft app.test - Web test tool from Fabasoft Distribution GmbH; includes recorder, multi-browser support, dialog and script error handler, errors are documented with a screenshot and various dumps, various reports are generated and provided as HTML or PDF; more. Available as free and $ versions.
Cloud Testing Service - Web testing utilizing cloud capabilities, from Cloud Testing Limited. Involves first recording web functionality via browser and Selenium IDE, uploading scripts to the Cloud Testing website; then scripts run using real browsers on real operating systems in the testing cloud; results are available as screenshots, HTML & component diagnostics. Test can be re-run whenever needed or as scheduled. Cross Browser feature enables test runs in multiple browsers (IE, Firefox, Safari, Opera, Google Chrome) and comparing appearance/results side-by-side. Cloud load testing and site monitoring services also available.
SlimDog - A simple script based web application testing tool. It is based on httpunit. The tool offers a wide range of commands to work with forms, check the content of tables and navigation between HTML pages. Rather than writing long JUnit testcases or crucial XML files the users can write simple text scripts. Each line of the script file will contain one command which is a testnode. All commands inside one file will be processed as a testcase. The syntax of every command is simple and easy to learn. Several scripts can be combined to a testsuite. The results are written either to the console, a file or as a HTML page.
TestOptimal - Functional/regression and load/stress testing automation platform for web applications and Java applications, from TestOptimal. Utilizes Model-Based Testing (MBT) and Mathematical Optimization techniques; test case generation and execution directly from the application model. TestOptimal is a web application itself; can be integrated with JUnit and run inside Eclipse or NetBeans. Application modeling with graphs - state chart XML (SCXML) with drag and drop user interface running on standard browser; many test sequencers (test generation) to meet different testing needs, test automation with Java or mScript (XML-based scripting), statistical analysis on test executions and virtual (concurrent) users for load testing. With its WebService interface, can be integrated with other testing tools like Quality Center and QTP. Multiple browser support. For Windows, linux and unix.
Ranorex Automation Framework - A Windows GUI test automation framework from Ranorex GmbH for testing many different application types including Web 2.0 applications, Win32, MFC, Delphi, WPF, Flash/Flex, .NET, Silverlght, Java (SWT). Also enables mobile (iOS, Android, Windows8 UI) test automation as well as mobile web test automation (iOS). Avoids proprietary scripting languages and instead enables use of the functionalities of programming languages VB.NET or C# as a base and expand on it with its GUI automation functionality. The Ranorex Spy tool allows users to explore/analyze host or web applications. Ranorex object repositories and repository browser enables separation of test automation code/recordings from RanoreXPath identification information. The IDE includes test project management, integration of all Ranorex tools (Recorder, Repository, Spy), intuitive code editor, code completion, debugging, and watch monitor.
Capybara - Open source tool from Jonas Nicklas available as a Ruby gem; aims to simplify the process of integration testing Rack applications, such as Rails, Sinatra or Merb. It is inspired by and aims to replace Webrat as a DSL for interacting with a web application. Automatically waits for your content to appear on the page - manual sleeps not needed. It is agnostic about the driver running tests and as of comes bundled with support for Rack::Test and Selenium support built in. WebKit is supported through an external gem.
CubicTest - An open source graphical Eclipse plug-in for writing functional web tests in Selenium and Watir. Makes web tests faster and easier to write, and provides abstractions to make tests more robust and reusable. Tests are stored in XML, directly mapped from the CubicTest domain model to XML via XStream. Tests can at any time be exported to Selenium Core tables or Watir test cases. Supports recording; maven.
Testing Anywhere - Test automation tool from Automation Anywhere Inc. for web and application GUI testing, using 'SMART' Automation Technology. Capabilities include: conversion of test scripts to .exe, web recorder, image recognition, script editor with 500+ commands. For Windows platforms.
StoryTestIQ - StoryTestIQ (STIQ) is a test framework used to create Automated Acceptance Tests. It's a mashup of Selenium and FitNesse: its "wiki-ized" Selenium with widgets and features that make it easier to write and organize Selenium tests.
Watij - Web Application Testing in Java, an open source pure Java API. Based on the simplicity of the Watir open source web test framework and enhanced by the capabilities of Java; automates functional testing of web apps through a real browser. Provides a BeanShell Desktop console; For MS IE on Windows.
AutoMate - Automation platform from Network Automation, includes capability to simulates GUI activity via the browser.Inc with robust automated testing capabilities. Capabilities include support for HTTPS; Microsoft Excel Integration; a test run Event Database, native Terminal Emulation support. Tasks can be developed via drag-and-drop without writing code. Runs on Windows platforms.
Automation Anywhere - Functional test automation tool from Tethys Solutions, LLC, includes web test automation capabilities - includes a web recorder that understands web controls; web page data extraction capabilities. For Win platforms
Avignon Acceptance Testing System - Open source acceptance test system that allows writing of executable tests in a language that the user can define. It uses XML to define the syntax of the language but, if the user chooses to extend the language, allows the semantics of the tests to be user-defined. Includes modules for testing web applications through either IE or FireFox, and modules for testing Swing and .NET WinForm applications also..
Fitnesse - A lightweight, open-source framework that makes it easy for software teams to collaboratively define Acceptance Tests -- web pages containing simple tables of data inputs and expected outputs, and run those tests and see the results. The tables are expressed in the form of a wiki; the Fitnesse wiki enables easy creation and editing of the Wiki/Fitnesse pages. FitNesse is a web server.
WebFT - Web-centric functional testing solution from Radview, supports both established and emerging web technologies. Provides a visual environment for creating Agendas (scripts) that include test recording, editing, debugging, verification and reporting features.
Floyd - A Java library for automated testing of web applications; provides full control of standard web browsers such as Firefox and MSIE. Interaction with the browser and any loaded web pages is achieved via calls to Floyd's Java API. Has two main components: a normal browser embedded into the web application and controlled via its public interface, and an embedded servlet container/web server. Can be used with any unit test library.
Imprimatur - Free web functional testing tool by Tony Locke, written in Java as a command-line application. Tests are described in a simple XML file; along with standard GET, POST and DELETE methods, handles HTTP authentication and file uploads. Responses can be validated using regular expressions.
WET - Open source web testing tool that drives MSIE directly; from Qantom Software Pvt. Ltd. Has many features like multiple parameter based object identification for more reliable object recognition, support for XML Based Object Repository and more. Scripting in Ruby; written in Ruby.
SOASTA - A suite of visual tools for automated web functional and load testing from SOASTA, Inc. Available as services on the web. Drag and drop visual interface that also allows access to underlying message complexity. Task-specific visual editors support creation of targets, messages, test cases, and test compositions. Related tools: CloudTest and free version, CloudTest Lite.
Regression Tester - Web test tool from Info-Pack.com allows testing of functionality of any page or form Reports are fully customizable.
Yawet - Visual web test tool from InforMatrix GmbH enables graphical creation of web app tests. Create, run and debug functional and regression tests for web applications. Can verify HTML, XML, and PDF; ability to do report generation, reusable step libraries and parameterization. Freeware; downloadable jar file.
SWExplorerAutomation - Low cost web tool from Webius creates an automation API for any Web application which uses HTML and DHTML and works with MSIE. The Web application becomes programmatically accessible from any .NET language. The SWExplorerAutomation API provides access to Web application controls and content. The API is generated using SWExplorerAutomation Visual Designer, which helps create programmable objects from Web page content. Features include script recording and VB/C# code generation.
Funkload - Free web functional testing and load testing tool written by Benoit Delbosc in Python and distributed as free software under the GNU GPL. Emulates a web browser (single-threaded) using webunit; https support; produces detailed reports in ReST, HTML, or PDF. Functional tests are pure Python scripts using the pyUnit framework.
WebCorder - Free GUI web testing tool from Crimson Solutions, developed in VB. Designed for end users who are doing web based software testing, as a simple tool to record test scenarios, and play them back and generate log files. The user may also check for text or images on the screen or save screenshots.
Soda - Selenium Node.JS adapter - an open source light-weight Selenium RC client for NodeJS, with additional Sauce Labs integration for acceptance testing in the cloud. From LearnBoost.com. Supports multiple browsers and versions.
PesterCat - Low cost web functional testing tool from PesterCat LLC. Features include recording and playback of HTTP web requests, XML format for saved scripts, HTTP response validations, perform backend database validations or call procedures, use variables and variable setters to make scripts dynamic, automate test scripts with Ant tasks to run scripts and generate reports. Requires Java JRE; for Linux, Mac OSX, and Windows.
QEngine - Automated testing tool from Zoho Corp. for functional testing of web applications and web services. For Linux anx Windows. Records and plays in IE, Mozilla, and Firefox browsers.
Test Complete Enterprise - Automated test tool from AutomatedQA Corp. for testing of web applications as well as Windows, .NET, and Java applications. Includes capabilities for automated functional, unit, regression, manual, data-driven, object-driven, distributed and HTTP load, stress and scalability testing. Requires Windows and MSIE.
actiWate - Java-based Web application testing environment from Actimind Inc. Advanced framework for writing test scripts in Java (similar to open-source frameworks like HttpUnit, HtmlUnit etc. but with extended API), and Test Writing Assistant - Web browser plug-in module to assist the test writing process. Freeware.
WebInject - Open source tool in PERL for automated testing of web applications and services. Can be used to unit test any individual component with an HTTP interface (JSP, ASP, CGI, PHP, servlets, HTML forms, etc.) or it can be used to create a suite of HTTP level functional or regression tests.
jWebUnit - Open source Java framework that facilitates creation of acceptance tests for web applications. Provides a high-level API for navigating a web application combined with a set of assertions to verify the application's correctness including navigation via links, form entry and submission, validation of table contents, and other typical business web application features. Utilizes HttpUnit behind the scenes. The simple navigation methods and ready-to-use assertions allow for more rapid test creation than using only JUnit and HttpUnit.
SimpleTest - Open source unit testing framework which aims to be a complete PHP developer test solution. Includes all of the typical functions that would be expected from JUnit and the PHPUnit ports, but also adds mock objects; has some JWebUnit functionality as well. This includes web page navigation, cookie testing and form submission.
WinTask - Macro recorder from TaskWare, automates repetitive tasks for Web site testing (and standard Windows applications), with its HTML objects recognition. Includes capability to expand scope of macros by editing and adding loops, branching statements, etc. (300+ commands); ensure robustness of scripts with Synchronization commands. Includes a WinTask Scheduler.
Canoo WebTest - Free Java Open Source tool for automatic functional testing of web applications. XML-based test script code is editable with user's preferred XML editor; until recording capabilities are added, scripts have to be developed manually. Can group tests into a testsuite that again can be part of a bigger testsuite. Test results are reported in either plain text or XML format for later presentation via XSLT. Standard reporting XSLT stylesheets included, and can be adapted to any reporting style or requirements.
TestSmith - Functional/Regression test tool from Quality Forge. Includes an Intelligent, HTML/DOM-Aware and Object Mode Recording Engine, and a Data-Driven, Adaptable and Multi-Threaded Playback Engine. Handles Applets, Flash, Active-X controls, animated bitmaps, etc. Controls are recorded as individual objects independent of screen positions or resolution; playback window/size can be different than in capture. Special validation points, such as bitmap or text matching, can be inserted during a recording, but all recorded items are validated and logged 'on the fly'. Fuzzy matching capabilities. Editable scripts can be recorded in SmithSript language or in Java, C++ or C++/MFC.
MITS.GUI - Unique test automation tool from Omsphere LLC; has an intelligent state machine engine that makes real-time decisions for navigating through the GUI portion of an application. It can test thousands of test scenarios without use of any scripts. Allows creation of completely new test scenarios without ever having performed that test before, all without changing tool, testware architecture (object names, screen names, etc), or logic associated with the engine. Testers enter test data into a spreadsheet used to populate objects that appear for the particular test scenario defined.
Badboy - Tool from Bradley Software to aid in building and testing dynamic web based applications. Combines sophisticated capture/replay ability with performance testing and regression features. Free for most uses; source code available.
SAMIE - Free tool designed for QA engineers - 'Simple Automated Module For Internet Explorer'. Perl module that allows a user to automate use of IE via Perl scripts; Written in ActivePerl, allowing inheritance of all Perl functionality including regular expressions, Perl dbi database access, many Perl cpan library functions. Uses IE's built in COM object which provides a reference to the DOM for each browser window or frame. Easy development and maintenance - no need to keep track of GUI maps for each window. For Windows.
PAMIE - Free open-source 'Python Automated Module For Internet Explorer' Allows control of an instance of MSIE and access to it's methods though OLE automation . Utilizes Collections, Methods, Events and Properties exposed by the DHTML Object Model.
PureTest - Free tool from Minq Software AB, includes an HTTP Recorder and Web Crawler. Create scenarios using the point and click interface. Includes a scenario debugger including single step, break points and response introspection. Supports HTTPS/SSL, dynamic Web applications, data driven scenarios, and parsing of response codes or parsing page content for expected or unexpected strings. Includes a Task API for building custom test tasks. The Web Crawler is useful for verifying consistency of a static web structure, reporting various metrics, broken links and the structure of the crawled web. Multi-platform - written in Java.
Solex - Web application testing tool built as a plug-in for the Eclipse IDE (an open, extensible IDE). Records HTTP messages by acting as a Web proxy; recorded sessions can be saved as XML and reopened later. HTTP requests and responses are fully displayed in order to inspect and customize their content. Allows the attachment of extraction or replacement rules to any HTTP message content, and assertions to responses in order to validate a scenario during its playback.
QA Wizard Pro - Automated functional test tool for web, windows, and java applications from Seapine Software. Includes a next-generation scripting language, 'smart matching', a global application repository, data-driven testing support, validation check points, and built-in debugging, batch file support, a real-time status tool, and remote execution support.
HttpUnit - Open source Java program for accessing web sites without a browser, from SourceForge.net/Open Source Development Network, designed and implemented by Russell Gold. Ideally suited for automated unit testing of web sites when combined with a Java unit test framework such as JUnit. Emulates the relevant portions of browser behavior, including form submission, basic http authentication, cookies and automatic page redirection, and allows Java test code to examine returned pages as text, an XML DOM, or containers of forms, tables, and links. Includes ServletUnit to test servlets without a servlet container.
iOpus Internet Macros - Macro recorder utility from iOpus Inc. automates repetitious aspects of web site testing. Records any combination of browsing, form filling, clicking, script testing and information gathering; assists user during the recording with visual feedback. Power users can manually edit a recorded macro. A command line interface allows for easy integration with other test software. Works by remote controlling the browser, thus automatically supports advanced features such as SSL, HTTP-Redirects and cookies. Can handle data input from text files, databases, or XML. Can extract web data and save as CSV file or process the data via a script. For Windows and MSIE.
MaxQ - Free open-source web functional testing tool from Tigris.org, written in Java. Works as a proxy server; includes an HTTP proxy recorder to automate test script generation, and a mechanism for playing tests back from the GUI and command line. Jython is used as the scripting language, and JUnit is used as the testing library.
TestDrive-Gold - Test tool from Original Software Group Ltd. utilizes a new approach to recording/playback of web browser scripts. It analyses the underlying intentions of the script and executes it by direct communication with web page elements. IntelliScripting logic removes the reliance on specific browser window sizes, component location and mouse movements for accurate replay, and for easier script maintenance; supports hyperlinks targeted at new instances of browser. Playback can run in background while other tasks are performed on the same machine.
TestPartner - Automated software testing tool from Microfocus (formerly from Compuware) designed specifically to validate Windows, Java, and web-based applications. The 'TestPartner Visual Navigator' can create visual-based tests, or MS VBA can be used for customized scripting.
eValid - Web functional test tool from Software Research Inc. Browser-centric view simplifies test recording and editing, and replays user activity with accuracy by combining browser-internal data, timers, event counters, and direct DOM access. Can be used for AJAX-based web development methodologies. The built-in test suite management system eV.Manager controls test suite structure, runs tests automatically, records detailed logs and pass/fail statistics, and can handle hundreds of thousands of tests.
Rational Functional Tester - IBM's (formerly Rational's) automated tool for testing of Java, .NET, and web-based applications. Enables data-driven testing, choice of scripting languages and editors. For Windows and Linux.
QuickTest Pro - Functional/regression test tool from HP (formerly Mercury); keyword-driven; includes support for testing Web, Java, ERP, etc.
SilkTest - Functional test tool from Microfocus (formerly from Borland, formerly from Segue) for Web, Java or traditional client/server-based applications. Features include: test creation and customization, test planning and management, direct database access and validation, recovery system for unattended testing, and IDE for developing, editing, compiling, running, and debugging scripts, test plans, etc.
Web Site Security Test Tools
Brakeman - Open source ruby static code analysis tool checks Ruby on Rails apps for security vulnerabilities. Plugin available for Jenkins/Hudson. Works with Rails 2.x, 3.x, and 4.x.
SecureAssist - Just-in-time secure coding guidance for developers through an IDE plug-in for Eclipse and Visual Studio. From Cigital Inc. Identifies security bugs as code is created, ?pushes? expert guidance to the IDE and provides real-time feedback to developers, eliminating defects before they impact future development. Automatically detects risky code. Issues are itemized within the IDE and linked to the line of code where problems appear. For Java, PHP, and .NET.
NTOSpider - Web application security scanner from NT OBJECTives. Analyzes site exposure risk, ranks threat priorities, produces highly graphical HTML reports, and indicates site security posture by vulnerabilities and threat exposure. Analyzes site structure, content and configuration to identify inherent exposure to future or emerging threats, produces a security posture rating and qualitative analysis of findings, with a complete catalog of all site resources and their attributes (e.g. forms, cookies, scripts, SQL strings and ODBC connectors, authentication, applets/objects, hidden fields, etc). Also available is NTOSpider On-Demand, for Saas based scanning.
SiteDigger - Free tool fr5om McAffee searches Google?s cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on web sites. Includes selectable signatures, selectable domain/sub-domain, ability to save signature selection and result set. Requires MS .NET Framework.
MileScan ParosPro - Web security auditing platform from Milescan Technologies. Capabilities include a network spider to collect information about a site's hierarchy; vulnerability scanning based on plug-ins written to target common web vulnerabilities, including many popular Content Management Systems vulnerabilities; simulates hacker attacks; scan scheduling; more.
NTO SQL Invader - SQL Injection analysis tool from NTO OBJECTives, Inc. Enables analysis of SQL Injection vulnerabilities in web apps. Test SQL injection vulnerability to view data from back-end databases. GUI interface enables analysis results presentation helpful for both management level meetings and technical analysis and remediation.
Aribisec Web Analyzer - Web based online tool scans for potentially malicious links, analyzes HTML code, and checks server information and various parameters, without exposing the user to malicious content and without revealing your own web session. Can provide a quick and detailed overview of the security state of a web project. Free and paid $ versions.
Golem - Online web site security scanning service; available as one-time scan or periodic scanning service.
Skipfish - Open source active web application security scanner from Michal Zalewski/Google. Prepares interactive sitemap by carrying out a recursive crawl and dictionary-based probes. The map is then annotated with the security check output. The final output report is meant to serve as a foundation for professional web application security assessments. Goals for the tool are stated as: Raw speed; Unique brute-force capabilities: includes utilization of highly customized, hand-picked dictionaries, and a unique auto-learning feature that builds an adaptive, target-specific dictionary based on site content analysis; High quality security checks with an emphasis on well-crafted probes, and on testing for behavioral patterns, rather than signatures; Coverage of more nuanced problems - looks for significant security issues often neglected by other tools - such as caching intent mismatches, mixed content issues, XSSI, third-party scripts, cross-site request forgery, etc; Adaptive scanning for real-world applications - handles complex, mixed technology sites such as recognizing obscure 404 behaviors, unusual parameter passing conventions, redirection patterns, content duplication, etc; Sleek reports with minimal noise.
Seeker - Web security testing app from Quotium Technologies. Runs automatic and adaptive processes to accurately and quickly detect vulnerabilities. Pinpoints and reveals the most at-risk areas of source code and suggests code corrections for immediate implementation. Supports complex web development environments such as AJAX, Adobe Flex & Air, RIA, .Net, J2EE, Webservices, secure exchanges (HTTPS), etc.
WebSecurify - Open source integrated web security testing environment from GNUCITIZEN Information Security Think Tank, for identifying web vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. Designed to perform automated as well as manual vulnerability tests; Automatically detected vulnerabilities include: SQL Injection, local and remote file include, cross-site scripting, cross-site request forgery, information disclosure problems, session security problems, others including all categories in the OWASP TOP 10. Platform components can be extended with the help of add-ons and plugins. so task and business specific customizations can be introduced without cross-platform issues, deployment, internationalization and future support.
Samurai Web Testing Framework - Open source web pen testing framework from Inguardians Inc. includes a live linux environment that has been pre-configured to function as a web pen-testing environment. Includes a variety of open source and free tools web pen testing tools. Includes reconnaissance, mapping, discovery, and exploitation tools, and a pre-configured wiki set up to be the central information store during pen testing.
Tarantula - Open source tool from Relevance Inc. that crawls your Rails application, fuzzing data to see what breaks.
RATS - The Rough Auditing Tool for Security is an open source code security analysis tool developed by Secure Software, which was acquired by Fortify Software/HP. Scans C, C++, Perl, PHP and Python source code and flags common security related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions. Provides a security analyst with a list of potential trouble spots on which to focus, along with describing the problem, its potential severity, and potential remedies. Also performs some basic analysis to try to rule out conditions that are obviously not problems. As the name implies, it provides a rough analysis of source code, and will not find all errors, and will find things that are not errors; can be used as an aid to manual code inspection. Not updated since 2009.
beSTORM - Software security analysis fuzzing tool from Beyond Security; can be used for securing in-house software applications and devices, as well as testing the applications and devices of external vendors. Tries virtually every attack combination, intelligently starting with the most likely scenarios and detects application anomalies which indicate a successful attack. Also available is hosted service WSSA - Website and Web Server Security Auditing. Provides a complete report with the facts and recommendations needed to take corrective action. 15-day free trial.
Zed Attack Proxy (ZAP) - An easy to use free open-source integrated penetration testing tool for finding vulnerabilities in web applications; a fork of the well regarded Paros Proxy. Designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Includes Intercepting Proxy, Automated scanner, Passive scanner, Brute Force scanner, Spider, Port Scanner, comprehensive help pages, cross platform, requires java 1.6.
SPIKE Proxy - Free tool from Immunity Inc; looks for application-level vulnerabilities in web applications. It covers the basics, such as SQL Injection and cross-site-scripting, but it's completely open Python infrastructure allows advanced users to customize it for web applications that other tools fall apart on. SPIKE Proxy is available for Linux and Windows. Note: requires a working install of Python and pyOpenSSL on Linux. This is included in the Windows distribution.
Powerfuzzer - Open source automated customizable Web fuzzer; based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. Capable of spidering website and identifying inputs. Capable of identifying common web vulnerabilities (incl. XSS, SQL Injection). Supports https. Written in python. Project leader is Marcin Kozlowski. Commercial version Powerfuzzer Online available as an online service.
Wapiti - Open source vulnerability scanner for web applications. It checks vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, LDAP injections, CRLF injections. Uses Python; no SSL support.
nCircle Certified PCI Scan Service - External scan service from nCircle for all PCI Data Security Standard-relevant conditions. Upon completion of the scan, merchants have access to an auto-generated PCI Security Standards Council certified report. The scan report clearly indicates whether the merchant's payment network is secure, in which case the merchant may download the report and submit it to the acquiring bank.
SecPoint Penetrator - Site/network security testing tool from SecPoint ApS, available as penetration testing appliance or as a web-based service. Provides full vulnerability scanning, pen testing and capability to launch real exploits. Can change the IP addresses to scan on the license and can brand reports with your own logo. Scan for both Web and Host vulnerabilities; more than 14.000 remote unique vulnerabilities; including Cross Site Scripting (XSS), SQL Injection, Directory Traversal vulnerabilities, command execution vulnerabilities, information disclosure vulnerabilities, file inclusion vulnerabilities.
Kyplex Cloud Security Scanner - Cloud-based web site security scanning service - no installation or network modifications required. Capabilities include cross site scripting attacks (XSS), detects hidden directories and backup files, looks for known security vulnerabilities, searches for SQL Injection vulnerabilities, more. Finds complex security breaches and web server configuration errors, as well as zero-day vulnerabilities. From Kyplex Ltd.
HP Fortify - Security product suite from HP (formerly Fortify Software) includes vulnerability detection. Integrates static source code analysis, dynamic runtime analysis, and real-time monitoring to identify and accurately prioritize the greatest number of critical security vulnerabilities. Capabilities include the Program Trace Analyzer (PTA) that finds vulnerabilities that become apparent only while an application is running - integrate into a QA test to find vulnerabilities while a functional test is being conducted on an application.
OWASP Security Testing Tools - Variety of free and open source web security testing tools via the OWASP (Open Web Application Security Project) site. SQLiX is an SQL injection vulnerability test tool that uses multiple techniques - conditional errors injection; blind injection based on integers, strings or statements, MS-SQL verbose error messages ("taggy" method); can identify database version and gather info for MS-Access, MS-SQL, MySQL, Oracle and PostgreSQL. Other security testing tools available include WSFuzzer, WebScarab, Tiger, LAPSE, Pantera, etc.
Retina - Vulnerability management platform from eEye Inc. for large, complex web sites and web applications. Identifies application vulnerabilities as well as site exposure risk, ranks threat priority, produces graphical, intuitive HTML reports, and indicates site security posture by vulnerabilities and threat level. Also performs an advanced site analysis on site structure, content and configuration to identify inherent exposure to future or emerging threats.
Hailstorm - Automated web security testing tool from Cenzic Inc.; customize and configure tests based on requirements, or use pre-sets for quick assessments. Capabilities include: prioritize vulnerabilities with a quantitative score called HARM; easy-to-use wizard-based interface; 'SmartAttacks' library, updated frequently; comprehensive reports with detailed remediation information and export capabilities; administrator control over user roles, tasks and privileges. Enterprise, Pro, Core, and Starter versions.
GamaSec - Automated online website vulnerability assessment delivers proactive tests to Web Servers, Web-interfaced Systems, and Web-based Applications. Configurable scan intervals/frequency. Supports a wide variety of HTTP Authentication schemes, common HTTP protocol, BASIC, NTLM with abilities to analyze the broadest web technologies; PHP, ASP.NET, ASP, etc.
Wikto - Web server security assessment tool for windows servers, open source, from SensePost. It's three main sections are its Back-End miner, Nikto-like functionality, and Googler to obtain additional directories for use by the other two. Includes ability to export results to CSV file
Nikto Scanner - Open source web server scanner from CIRT.net which performs comprehensive tests against web servers for multiple items, including over 3300 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated.
HP WebInspect - WebInspect automated security assessment tool for web applications and services, from HP (Formerly SPI Dynamics). Identifies known and unknown vulnerabilities, includes checks that validate proper web server configuration. Capabilities includes discovery of all XML input parameters and parameter manipulation on each XML field looking for vulnerabilities within the service itself. Requires Windows and MSIE.
AppScan - Tool suite from Rational/IBM (formerly Watchfire) automates web application security testing, produces defect analyses, and offers recommendations for fixing detected security flaws. Assessment module can be used by auditors and compliance officers to conduct comprehensive audits, and to validate compliance with security requirements. Includes static code analysis capabilities. Also available as a hosted service.
Defensics Core Internet Test Suite - Security testing tool from Codenomicon Onc. searches and preemptively eliminates security-related flaws from the implementations that create the backbone of the modern Internet and communication between the networked devices. This includes, but is not limited to, routers, switches, firewalls, desktop and server systems, laptops, PDAs, cell phones and other mobile systems, as well as a large number of various embedded systems. Because several protocols from this category are often tightly coupled with the underlying operating system, serious flaws in handling them may easily result in total system compromises.
Perimeter Check - SecurityMetrics 'Perimeter Check' service analyzes external network devices like servers, websites, firewalls, routers, and more for security vulnerabilities which may lead to interrupted service, data theft or system destruction. Includes instructions to help immediately remedy security problems. Can automatically schedule vulnerability assessment of designated IP addresses during low traffic times.
Core Impact Pro - Security testing tool from Core Security Technologies for web apps and other systems. Uses penetration testing techniques to safely identify exposures to critical, emerging threats and trace complex attack paths
Snort - Open source network intrusion prevention and detection system from Sourcefire Inc.; uses a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. Can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
SecurityMetrics Appliance - Integrated software and hardware device includes Intrusion Detection and Prevention Systems and Vulnerability Assessment. Operates as a Layer 2 Bridge - no network configuration needed. Automatically downloads latest IDS attack signatures, vulnerability assessment scripts and program enhancements nightly.
Nessus - Vulnerability scanner from Tenable Network Security with high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks. Free for home users; annual fee for Professional license. Updated continuously. Includes scripting language for writing custom plugins.
Security Center - Security management tool from Tenable Network Security for asset discovery, vulnerability detection, event management and compliance reporting for small and large enterprises. Includes management of vulnerability, compliance, intrusion and log data. Company also provides the Nessus Vulnerability Scanner, and Passive Vulnerability Scanner.
SARA - 'Security Auditor's Research Assistant' Unix-based security analysis tool from Advanced Research Corp. Supports the FBI/SANS Top 20 Consensus; remote self scan and API facilities; plug-in facility for third party apps; SANS/ISTS certified, updated bi-monthly; CVE standards support; based on the SATAN model. Freeware. Also available is 'Tiger Analytical Research Assistant' (TARA), an upgrade to the TAMU 'tiger' program - a set of scripts that scan a Unix system for security problems.
Qualys Free Security Scans - Several free security scan services from Qualys, Inc. including SANS/FBI Top 20 Vulnerabilities Scan, network security scan, and browser checkup tool.
GFiLANguard - Network vulnerability and port scanner, patch management and network auditing tool from GFI Software. Scans using vulnerability check databases based on OVAL and SANS Top 20, providing thousands of vulnerability assessments.
Qualys Guard - Online service that does remote network security assessments; provides proactive 'Managed Vulnerability Assessment', inside and outside the firewall,
Lumension Scan - Stand-alone network-based scanning solution from Lumension Security that performs a comprehensive external scan of all of the devices on your network, including servers, desktop computers, laptops, routers, printers, switches and more; risk-based prioritization of identified threats; continuously updated vulnerability database for orderly remediation; comprehensive reports of scan results
Secure-Me - Automated security test scanning service from Broadbandreports.com for individual machines. Port scans, denial-of-service checks, 45 common web server vulnerability checks, web server requests-per-second benchmark, and a wide variety of other tests. Limited free or full licensed versions available.
SAINT - Security Administrator's Integrated Network Tool - Security testing tool from SAINT Corporation. An updated and enhanced version of the SATAN network security testing tool. Updated regularly; CVE compatible. Includes DoS testing, reports specify severity levels of problems. Single machine or full network scans. Also available is 'WebSAINT' self-guided scanning service, and SAINTbox scanner appliance. Runs on many UNIX flavors.
NMap Network Mapper - Free open source utility for network exploration or security auditing; designed to rapidly scan large networks or single hosts. Uses raw IP packets in novel ways to determine what hosts are available on the network, what services (ports) they are offering, what operating system (and OS version) they are running, what type of packet filters/firewalls are in use, and many other characteristics. Runs on most flavors of UNIX as well as Windows.
Foundstone - Vulnerability management software tools from McAfee/Network Associates can provide comprehensive enterprise vulnerability assessments, remediation information, etc. Available as a hardware appliance, software product, or managed service.
OWASP Security Testing Tools Listing - Listing of commercial, free, and open source security testing tools, source code analyzers, and binary analysis tools via the OWASP (Open Web Application Security Project) site.
Top 125 Security Tools - Listing of 'top 125' network security tools from survey by Gordon Lyon/Insecure.org/Sectools.org. (Includes various types of security tools, not just for testing.)
External Site Monitoring Services
Monitive Website Monitoring Service - Monitoring services for websites, MySQL, FTP, POP3, IMAP, DNS and many other. Periodically checks a site from multiple worldwide locations and sends notifications when they go down via SMS text, email or Twitter DM. It also monitors performance by measuring server connect, transmit and response times, executes automatic diagnosis, sends weekly reports, displays charts and more.
Check my Website - A SaaS service from Novateek SARL to remotely monitor website availability and performance every minute (or less) from various locations around the world. Notifications via email and SMS are fired when problems occur. Free service also available for Open Source projects and non profit organizations.
Uptrends Website Monitoring - Service from Uptrends.com to monitor websites, servers, transactions, SSL Certificates and more from a global and end-user perspective, all from the cloud.
GotSiteMonitor - Web site uptime monitoring service from Vannet Technology provides five free website monitors with 5-minute monitoring interval. Monitor website downtime/slowness, track website performance, check webpage content, check SSL secure certificate. Free limited phone/sms alert credits. 12 monitoring locations across 4 continents. Flexible monitoring location configuration. Upgrades available to paid plans.
Web App Monitoring Pack - Monitor external and internal websites & web applications; from SolarWinds. Multi-location monitoring of end user experience and web page latency issues (DNS lookup, connection & send time, download time, etc.). Resource availability and performance monitoring for server hardware, web servers, databases & applications to include SharePoint, Java, Citrix XenApp & more.
Sentinel - Comprehensive web site monitoring tool from Reflective Solutions. Simultaneously monitors multiple system components (OS, DB servers, app servers, web servers, etc). Enables staff to easily understand problems and identify root causes. Can provide detailed historical data, trend analysis, and customizable reporting, tables and graphs. Configurable alert thresholds and notification settings. Components include controller, viewer, and resource monitor packs for a variety of OS's, databases, web servers, and apps.
Catchpoint Web Performance Monitoring - Site monitoring service from Catchpoint Systems, Monitors the performance of webpages, APIs, DNS, and FTP from several locations around the world. Provides detailed analysis that assists in quick detection of problems and quick resolution times. Includes support for Selenium transaction scripts.
Alertfox - Real browser website and web application performance monitoring service from iOpus Inc. Supports transaction monitoring of sites that use complex HTML, AJAX, Flash, Flex, and Silverlight. In-depth root cause analysis for trouble-shooting sporadic issues.
iGlass Small Business Web Server Monitoring Service - Web site monitoring service from iGlass Networks.
SiteRay - External site monitoring service from Silktide Ltd. Enterprise tool for automatically testing website accessibility, marketing, usability, spelling, performance, compliance, frequency of updates and more. Test and compare scores between websites, e.g. competitors and peers.
SiteObservers - Monitoring services checks web site availability and performance from outside the firewall with monitoring locations worldwide.
Vantage for Server Performance - Service from Compuware examines applications, servers and databases to proactively identify performance problems. Uses agentless and agent-based monitoring and is for businesses with applications that must meet high service levels. Works with a variety of databases, middleware, ERP.
IP-label.newtest - An external availability and performance monitoring solution for internet services (websites, streaming, mail servers etc) and business applications based upon an extensive network of measurement points worldwide which provide real-time insight into how internet users experience a website.
Techout - Measure and optimize speed and availability of critical online applications. Website monitoring, business transaction monitoring, REST/SOAP Web Services Monitoring, Cloud Monitoring/Amazon Web Service Monitoring, more. Also available as an iPhone application.
100Pulse - Online Website Monitoring service from HIOX Web Services; free and paid services available. Monitor websites, Port and DNS Servers for availability and performance; free Instant alerts through E-mail, RSS Feed and Google gadget; analyze site's periodic performance through graphs, charts and statistical data; periodical Reports customizable by all users
EZ Web Site Monitoring - Service can keep tabs on your website and competitor websites in one easy report. Monitor uptime, response time monitoring, weekly error checking; track keywords and popularity, and always know when it changes.
Uptime Party - Web server monitoring for small business or personal web sites. Sends message if it's down, and when it's back up. Notifications via email or cell phone. Free for one server. $ for more than one, and monitoring is every 15 or 30 minutes.
SiteUpTime - Basic plan for monitoring one web site is free; others $. Highly configurable service options, multiple monitoring locations around the world; if more than one location detects a connection failure a notification is sent.
Panopta Advanced Server Monitoring - Web site monitoring service and outage management system from Panopta LLC for online businesses and service providers, with the ability to detect outages immediately, provide notifications, and provide a team the right tools to resolve the outage quickly. Checks services every 60 seconds using global monitoring network.
Pingdom - Server, network and website monitoring services from Pingdom AB. Includes current and historical reporting; world-wide network of monitoring servers; checks every 1-60 mins.
Site 24x7 - Monitoring of website uptime & performance from multiple geographical locations; monitor multi-step web applications or e-business transactions; monitor DNS servers & email server round-trip time; instant alerts for any downtime or threshold violations; email/SMS alerts and reports. Also available are free accounts with limited services for personal use.
WebSitePulse - Monitoring service from WebSitePulse. Simultaneous monitoring from up to 20 global stations; alerts sent when web page errors occur, performance thresholds are exceeded or connectivity problems are detected and verified from up to three independent monitoring resources, and when unauthorized content changes are detected. Supports cookies; monitors and verifies file size, MD5 checksum, present or missing text string. Customizable alert escalation schedules, configurable 'Do Not Disturb' times for contacts. Daily, weekly, monthly e-mailed uptime reports.
SiteMorse - External site monitoring services from SiteMorse - runs a periodic full report - clients can request to be notified if there is any change to the sites scores. Enterprise clients have the option of setting such thresholds on any one of over 300 tests.
YMU - Site monitoring service from Dreamcast Systems, Inc. HTTP, HTTPS, customizable map location selection of monitoring source, graphical reports, configurable periodic check intervals.
eXternalTest - Site monitoring service from eXternalTest. Periodically checks servers from different points of the world; view what customers see with screen shots using different browsers, OSs, and screen resolutions.
Global Up Time - HTTP/HTTPS website monitoring service from Global Web Monitor; configurable frequency, alerting, and reporting options; false alarm protection. Server monitoring, website monitoring, network appliance monitoring, business transaction monitoring, port monitoring and port security monitoring.
internetVista - Service from Lyncos remotely monitors web sites and Internet services for availability (http, https, smtp, ftp, pop, nntp, tcp). Notifications sent via email and SMS. Monitoring centers in U.S. and Europe. Free service also available, with limited features.
Host Tracker - Site monitoring service from Host Tracker; monitor an unlimited number of resources, distributed monitoring points, possible monitoring of CGI scripts' operation, keyword presence control, can specify keywords by regular expressions, unlimited number of addresses for server error notifications, historical statistics.
Neustar Website Monitoring - Transactional application monitoring service from Neustar. Can simulate defined web transactions, such as customer logins and purchase order fulfillment, up to every five minutes to verify application availability and performance. Scriptable alerting - can identify problems with connectivity, time-outs, SLA violations and more, plus fire off events. Utilize commonly used browsers: IE, Firefox, Chrome or all; or monitor with emulated browsers. Worldwide monitoring network, using real or emulated browsers.
Dotcom-Monitor - Web site monitoring and load testing services utilize multiple worldwide locations. Checks content and response times; provides reporting and notifications. Free 'Lifetime Lite' monitoring service available.
Vertain Monitoring Service - Services from Vertain Software include verification that web site is up and running and that users can complete multi-page transactions. Also available: Free service for up to six tests per day.
AlertBot - Monitoring service from InfoGenius, Inc. tests website availability, performance, and alerts webmaster of downtime. Also provides ftp, http, pop3, snmp, https, smtp, ip, and dns server monitoring.
WebSitePulse - Remote web site and server monitoring service with instant alerts and real time reporting. Simulates end-user actions from multiple locations around the globe. Web transaction monitoring available. Free basic service available.
1stMonitor - Site monitoring service notifies when a web site is down or new content has been posted. Easy and simple to use. Email notification. Weekly and monthly reports; instant setup.
SiteTechnician - Service of SiteTechnician LLC, identifies broken links, analyzes accessibility, reports on search engine optimization, monitors page load times and provides eight reports to help manage changes to website content over time.
WatchOur.com - Web site monitoring service from PingALink LLC; remotely monitors websites and other Internet protocol servers for availability and performance issues. Sends detailed error codes via pager, email, ICQ, etc. RFC compliant protocol checks assure valid monitoring. Extensive reporting.
AlertSite - Web site monitoring tools and services from SmartBear Software to ensure website/services/API's are available and performing optimally. Includes mobile web monitoring capabilities using iPhone, iPad, Blackberry and Android, etc. Immediate notification of problems via e-mail, pager, cell, or SMS. Monitoring from multiple locations around the world. (note: AlertSite API Monitoring is valid with soapUI Projects only)
elkMonitor - Service from Elk Fork Technologies for websites and other Internet servers; monitors availability and performance. Utilizing multiple test servers located on various Internet backbones, elkMonitor can alert users when sites or servers are unavailable or performing poorly. Alerts via email, pager or SMS alert.
AlertMeFirst - Service from Commerx Corp. reports on the performance and availability of a web site from customer's perspective; including experience with mail server, proxy server, transaction server, databases, etc. Flexible design allows changes to monitoring profile at any time and payment is required only for services used each day.
PureAgent - Service from Minq Software that monitors response times from the agent to a server, by replaying transactions at specified intervals. This includes static and dynamic web applications as well as other server applications. Capabilities include specifying limited access for certain users (such as historical stats only), encryption of stored scenarios, and viewing/downloading of raw XML definitions of Scenarios/Activities.
Dotcom-Monitor - External website monitoring/alerting/load testing service from Dana Consulting. Monitoring locations worldwide. Supports full-cycle sequential transactions; 'macro recorder' capabilities for setting up monitoring of complex web site processes such as online ordering; monitoring of sites, email and FTP services, DNS and router monitoring; includes a wide variety of online and downloadable reporting tools.
SiteGuardian - Site monitoring solution provides 24x7 monitoring of downtime, user experience, and application problems. Configururable notification method and intervals.
Patrol Express - Service from BMC Software continuously simulates and measures end-to-end customer web site experience. Monitors performance and availability of servers, applications and storage and network devices. Also monitors performance and availability of Web transactions. Compares performance and availability to user-defined goals.
WatchDog - Online website tracking and monitoring services from MyComputer.com geared to small business web sites. Provides uptime and load time reports, downtime alerts, etc. Distributed monitoring from five U.S. sites.
SiteScope - HP's (formerly Mercury's) hosted Web-based monitoring service; agentless monitoring solution designed to ensure the availability and performance of distributed IT infrastructures including servers, operating systems, network devices, network services, applications.
Keynote Application Perspective - Hosted performance and availability monitoring services and root cause diagnostics from Keynote Systems. Utilizes a distributed geographic measurement network for comprehensive end-user coverage. Provides advanced scripting tools with functionality for complex transaction recording and ad-hoc diagnosis.
Web Site Management Tools
(This section includes products that contain: site version control tools, combined utilities/tools, server management and optimization tools, and authoring/publishing/deployment tools that include significant site management or testing capabilities.)
Nuxeo - Open source platform for Enterprise Content Management enabling architects and developers to build, deploy and run the best content-driven applications in an easy way. Nuxeo applications can be configured with no programming experience, and extended using standard Java EE technologies.
FactFinder Express - Server performance monitoring tool from BlueStripe Software Inc. Identifies whether a server slow-down is caused by an app, back-end/database, or resource bottleneck. Automatically discovers server apps and starts monitoring their transactions/resources immediately. Runs on wide variety of server platforms.
Radiant CMS - A no-fluff, open source content management system designed for small teams. Features: elegant user interface, flexible templating with layouts, snippets, page parts, and a custom tagging language, extension/plugin system, simple user management and permissions.
Frog CMS - Frog, an open source CMS, was born as phpRadiant in January 2007, and is a PHP version of Radiant CMS. Although the two applications still share a family resemblance, Frog is charting its own development path. It is unique in its simple templating code, and because it uses PHP directly, there is no need to learn yet another scripting language. It requires PHP5, a MySQL database or SQLite 3 with PDO, and a web server (Apache with mod_rewrite is highly recommended). It is distributed under the GNU General Public License version 3. Source is available from Frog?s Google Code project page.
AutoTestBot - Free online service for automated website monitoring and testing. Emails warnings about 404-pages, PHP errors, ASP .NET errors, custom pattern matching (both positive and negative), etc. Can be used to check for such errors as pages with no products if you are running a web shop, or detect pages that you have removed, but forgotten to remove all links to.
4Webcheck - Site monitoring and utilities application from Bibase Software; Checks availability and verifies web pages at the byte level; compare pages on a web site to files on the local computer. Will compare single files, all files in a local folder or multiple sites and folders. Also provides url search engine submission options and includes link checking and other capabilities. For Windows platforms.
BugDigger - Web bug reporting tool from BugsIO Solutions, Inc; works as a plugin for MS IE and Firefox, adds a bug reporting button to browser toolbar. Automatically collects contextual data that may be of use to developers to isolate the bug to a specific area. Capabilities include screenshot of the web page, screenshot annotation editor, current and recently opened URLs on the web site, browser details, and more. Can send bug reports to hosted My BugDigger service or, via API's, to yuour Jira, Bugzilla, Fogbugz, Basecamp, Mantis, etc.
BigEasy CMS - Content management system from Bold Endeavours Group Ltd. Capabilities include: Template management - allows the creation and re-use of html templates; dynamic navigation generation; functionality for working with several languages on the web site, where the information is stored in the same location, regardless of language; forms, search, personalization/registration, discussion forums, sitemaps, etc.
Webmaster Toolkit - Collection of 35 free tools and utilities useful to webmasters; includes link checker, page analyzer, ping, color tool, link extractor, etc.
Webriq - Web-based site management and editing tool with drag and drop capabilities, for web, social and mobile marketing initiatives. From Webriq Pte Ltd, includes multiple language interfaces.
A1 Website Analyzer - Website analyzer and link checker from Microsys, also can check response times, spell check, html and CSS validation, track file sizes, check for page title duplication; optimize internal page link structure to maximize SE page rankings, list all images where one of more references are missing "alt" text. For Windows
BrowserCMS - Web content management system from BrowserMedia LLC for creating, managing, and publishing dynamic, information driven websites. Handles traditional text, images, or files, as well as such searchable, dynamic 'content objects' as press releases, job postings, a member locator/business directory, and an events calendar. 100% browser-based content management system is installed on the same web server that hosts website - no software installed on individual desktop machines. Geared to associations, non-profits, government agencies, and corporate websites. Compatible with multiple server OS's and web servers. Related app available as an open source CMS written in Ruby on Rails.
Errorlytics - Site management service/plugin from Errorlytics/Accession Media, LLC helps site managers minimize errors for their users. Keeps track of errors that site visitors come across. Can see what errors have come up, and then set up 'rules' as to where site visitors should be redirected to. For any website developed with Java, PHP, Rails, Drupal or Wordpress.
eValid Site Analysis - Site analysis, mapping, and page tuning tool from Software Research Inc. Checks for broken links and characteristics such as page age, size, existence of specified strings, download times of elements, pinpointing bottlenecks. Reports are generated onscreen, including 3D-SiteMap showing site structure; can be rotated, expanded, zoomed-in, etc.
SortSite - Tool from Electrum Solutions that checks pages against W3C and IETF standards, checks for compliance with accessibility standards; link checker, browser compatibility checker; checks for regulatory compliance, checks site against Google/Yahoo/MSN search guidelines, more.
DeepTrawl - Site management tool from Deep Cognition Ltd. finds dead/slow/invalid links, finds common html flaws, has integrated HTML editor with problem highlighting, finds stale content. Finds slow content based on configurable settings, checks for undesirable user postings, exports to CSV / HTML, more.
Atomic Watch - Site monitoring software from Info-Pack.com;runs as background process on Win machine; no software to install on server. Can check webpage or form for certain strings and report back if not present. Configurable monitoring intervals; various notification options including email notifications, sound alarm, or load a URL. No monthly fees like the server monitoring services.
TruWex - Site management tool from Erigami Ltd. checks accessibility, privacy, quality, web page performance. Utilizes a web interface; available as a managed service and as a redistributable product installed on Windows based servers.
WSOP - Website load time testing and optimization tool from SoftLogica LLC; other capabilities include checking for errors and broken links, highlighting of problem elements with a built-in HTML viewer, and support for custom testing scenarios for regular tests. Provides a set of reports, statistics and suggestions to improve website load time and performance.
TrueView - Web management suite from Symphoniq Corp. that can monitor Web application performance from browser to back-end by instrumenting both client and server side of web applications. Can measure page load times and errors directly from users' browsers and automatically detect and diagnose problems inside or outside the datacenter. Trace slowdowns to specific IP addresses, servers, method calls, and SQL queries.
WebWatchBot - Web site monitoring, notification, and analysis tool for web sites and IP Devices, from ExclamationSoft Inc. Capabilities include real-time charting of response times for multiple items, reporting of historical data, comprehensive dashboard view of all monitoring. Monitor web page transactions - execute any monitored item in sequence, handle login and web form posting, run as a windows service or application. Requires Windows, MSIE, SQLServer.
Savvy Content Manager - Content management tool from Savvy Software Inc. Simplified editing process - click on an area of your web site in Savvy's browser-based interface, update the information and then publish to the Web with another click. No coding, no file transfers, no additional software.
CA Introscope - Web performance monitoring tool from CA Technologies; presents data in easy-to-use customizable dashboards which enable deep, intuitive views of interrelation between system components and application infrastructure. Monitors applications as soon as installed; no coding needed. Included 'LeakHunter'identifies potential memory leaks. 'Transaction Tracer' can provide detailed tracing of execution paths and component response times for individual transactions in production systems.
WebCEO - Tool from WebCEO.com includes a site maintenance module. Includes link checker, WYSIWYG editor, FPT/publishing, traffic analysis, and site monitoring capabilities.
IBM Tealeaf - Web application Customer Experience Management solution from IBM (formerly from TeaLeaf Technology Inc.) that provides detailed visibility into availability and functionality issues to enable efficient problem identification, isolation, and repair. Captures and monitors real user sessions, providing context and correlation data for application failure analysis. Add-on capabilities include a 'Dashboard' to provide real-time, customizable views of success/failure rates for key online business processes and other critical metrics, and 'Real Scripts' automatically generated from recorded user sessions for use in specified other load testing tools.
PROGNOSIS - Comprehensive tool from Integrated Research Ltd. for performance and availability monitoring, network management, and diagnostics; suited to large systems.
OpenText Web Site Management - Web content management system from Open Text Corp includes modular design, allowing flexible deployment depending on individual customer requirements.
Cuevision Network Monitor - Monitoring tool from Cuevision for monitoring website, server, services, applications, and network; capabilities include notifications via email, net send, and popup, restart apps and services, etc. For Windows.
GFI Network Server Monitor - Server management tool from GFI Software Ltd. checks network and servers for failures and fixes them automatically. Alerts via email, pagers, SMS; automatically reboot servers, restart services, run scripts, etc. Freeware version of GFI Network Server Monitor is also available; includes modules to check HTTP and ICMP/ping for checking availability of HTTP and HTTPS sites.
Web Site Monitoring - Performance Monitoring - Free open-source website performance monitoring and uptime notification application in PERL, from AllScoop; sends email notification if site is slow or down.
ContentStudio - E-catalog management tool from TechniCon Systems with Win Explorer-type interface with drag and drop functionality; eliminates need for programmers and special production staff to maintain catalogs. Legacy-to-Web Tools can "bulk-load" online catalog from legacy product data. Capabilities include defining intra-configuration rules, such as option compatibilities on a single product; spatial relationships between products, etc.
CrownPeak CMS - Content management service from CrownPeak Inc., which hosts the management system application and the client's administrative interfaces and pushes the final assembled pages to client Web servers. Provides complete software developers environment, comprehensive Communications Gateway for inbound and outbound data, and a robust API.
WebLight - HTML validator and link checking tool from Illumit LLC. Free for use on small sites, low cost for large sites. Works on multiple platforms.
Trellian InternetStudio - Suite of web site management utilities from Trellian including site upload/publishing tools, text editor, HTML editor, link checker, site mapper, spell checker, site spider, image handling, HTML encryptor/optimizer, HTML validator, image mapper, e-commerce site designer/generator. For Windows.
Documentum - Enterprise content management product from EMC Corp. - capabilities/support include scalability, security, business process automation, globalization, XML-content-based multi-channel delivery, support for more than 50 document formats, integration with a variety of servers, authoring tools, etc.
Serena Collage - Content management tool from Serena; browser-based, scalable content management platform for content contributors distributed across an organization. Works with content from any platform or application. Enables collaboration, version control, activity tracking, administration, templates, styles, approval workflow, multi-lingual support, more. Runs with a variety of platforms, web servers, and DB servers.
Alchemy Eye - System management tool from Alchemy Lab continuously monitors server availability and performance. Alerts by cell phone, pager, e-mail, etc. Can automatically run external programs, and log events.
Web500 CMS - Web content management and site maintenance solution from Web500. Add-on modules allow capabilities such as WAP, e-commerce, payment processing, customer relationship management, and more.
HTML Rename - Site Migration/Batch processing tool from Expandable Language that enforces file naming conventions (case, length, invalid chars), renaming the files to match the convention, then correcting the links to those files automatically. Eliminates problems encountered when moving files between Windows, Mac, and UNIX systems and publishing to CD-ROM. For Mac or Windows.
IPCheck Server Monitor - Server monitoring tool from Paessler AG. Alerts webmasters if a webserver is not working correctly via sensor types PING, PORT, HTTP, HTTPS, HTTP Transaction, DNS, SMTP, POP3, SNMP, and custom sensors. Notifications can be triggered by downtimes, uptimes, or slow responses. For Win platforms; has a web-based user interface.
Oracle Universal Content Management System - Content management tool formerly from Stellent, now Oracle. Content Server uses a web-based repository, where all content and content types are stored for management, reuse and access. Enables services such as library services, security, conversion services, workflow, personalization, index/search, replication and administration. Other modules provide additional services such as: services for creating, managing and publishing Web content and supporting from one to thousands of Web sites; services for capturing, securing and sharing digital and paper-based documents and reports; and services for collaborative environments and for digital asset and records management.
Rhythmyx Content Manager - Web content management product from Percussion Software; based on native XML and XSL technologies; content development, publishing, version control, and customizable workflow. Manages Web content, documents, digital assets, portals and scanned images.
Broadvision - Suite of content and publishing management tools from Broadvision Inc.; allows a distributed team of non-technical content experts to manage every aspect of site content, including creation, editing, staging, production, and archiving.
HP OpenView Internet Services - Internet services monitoring/management tool from HP; integrates with other OpenView products to provide a variety of management and monitoring services and capabilities. Enables end-user emulation of major business-critical applications as well as a single integrated view of the complete Internet infrastructure. Designed to help IT staff efficiently predict, isolate, diagnose and troubleshoot problem occurrences, anticipate capacity shortfalls, and manage and report on service level agreements.
IBM Workplace Web Content Management - IBM's web content management product for Internet, intranet, extranet and portal sites; runs on both Lotus Domino and IBM WebSphere.
WebCheck - Windows application from Peregrine Software that runs in background and periodically checks a site for availability and correctness; searches for keywords; provides notification by displaying a message or sending an e-mail.
WS_FTP Pro - FTP/web publishing tool from Ipswitch; manage, upload, and update websites; automatically resume interrupted transfers; support more than 50 host file systems; drag-and-drop files; for Windows.
A1Monitor - Utility from A1Tech for monitoring availability of web servers. Capabilities include notification by email and automatic reboot of web server. For Windows.
AgentWebRanking - Freeware tool from AADSoft to monitor site's search engine position, improve search engine ranks, submit URL's. Searches top engines for keywords; can specify search depth. Also has keyword count for pages vs competitor's pages; auto or manual submit of URL's to search engines, meta tag creator. Requires MSIE and Windows.
WebSite Director - Web-content workflow management system from CyberTeams Inc. with browser-based interface includes configurable workflow management, e-mail submission of web content, and e-mail notifications; allows defining and applying existing workflow and approval rules to web content management process. For Windows, UNIX.
Equalizer - Load balancing server appliance and site management tool from Coyote Point Systems. Web based interface for load balancing administration, server failure detection, real-time server monitoring of server response time, number of pending requests, etc.
XMetal - XML development tool from Justsystems, Inc. for XML-based web site authoring and validation. Includes a 'Database Import Wizard', and can automatically convert output to CALS or HTML table models or to XML; For Windows.
Interwoven Team Site - Web development, version control, access control, and publishing control tool; works with many servers, OS's, and platforms. Other deployment and management tools available also.
Macromedia Contribute - Adobe's (formerly Macromedia's) web content management solution Content created in Contribute matches the look and feel of a site via Dreamweaver templates and advanced CSS support. Ensures design standards are met, functionality is maintained, and code is protected.
Site/C - 'Set-and-forget' utility from Robomagic Software; for periodic server monitoring for web server connection problems, link problems. E-mail/pager notifications, logging capabilities. For Windows.
PowerMapper - From Electrum Multimedia; for customizable automated site mapping, accessibility and usability checking, HTML validation, link checking, CSS validation, browser compatibility, and more. Requires Windows and MSIE.
SiteScope - HP's (formerly Mercury's) product for agentless site monitoring and maintenance. Runs on servers and monitors server performance, links, connections, logs, etc.; scheduled and on-demand reporting; provides notifications of problems. Includes published API for creating custom monitors. Monitors mimic users' end-to-end actions. For Windows or Unix.
HTML PowerTools - HTML validator, global search-and-replace. Date stamper, spell checker, Meta manager, image tag checker, HTML-to-Text converter, customizable reports. Link checker. Validates against various HTML versions, browser extensions; has updateable rulebase. From Talicom. For Windows.
OpenDeploy - Interwoven's configurable control system for deploying from development to production environments. Includes automated deployment, security, and encryption capabilities. Other management tools available also. For Windows and Unix.
Vignette Content Management - Vignette Corporation's products for web site collaborative content, publishing, management, and maintenance. Support for managing content stored in databases, XML repositories, and static files. Supports a wide variety of web attributes, databases, API's, and servers.
HomeSite - A lean, code-only editor for web development from Adobe (formerly Macromedia). Advanced coding features enable instant creation and modification of HTML, CFML, JSP, and XHTML tags, while enhanced productivity tools allow validation, reuse, navigation, and formatting of code more easily.
NetObjects Fusion - Site authoring/management tool from NetObjects Inc. Visual site structure editor, layout editor, graphics management, staging/publishing control. Includes capabilities for mobile wbe sites. For Windows.
Content Management apps listing - Large listing of content management apps, in Wikipedia. Includes info re: Proprietary, Open source, etc; Platform (java, php, asp.net, Perl, python, etc.) supported databases and latest release date.
Log Analysis Tools
DMOZ Log Analysis Tools List - DMOZ open directory project's lists of open source and commercial log analysis tools.
Mobile Web/App Testing Tools
Automated Quality Assurance TestBorg (AQuA TestBorg) - Test automation and management tool from eInfochips Limited for Android, Apple and QNX platforms. For Black-box functional Testing, Usability Testing, Load/Stress Testing, Interoperability Testing and Conformance Testing. Central repository and dashboard with debug analytics. Supports single click parallel test execution on emulators and remote devices and comes with pre-integrated test banks for handheld device testing, in-car systems, home-control systems and in-flight entertainment systems.
Mobitaz - An Android test automation tool from MSys Technologies; features include native app and Web test automation, end-to-end automation, etc. It supports most Android versions and the latest Android gestures, multi-touch gestures, etc. The test cases can be easily created, without needing the source code. It runs as a Windows server, facilitates creation and saving of test cases. Target platform: Windows (server application), Android (Mobitaz Agent application that runs on a device or emulator).
KIF iOS Integration Testing Framework - 'Keep It Functional' open source iOS integration test framework, enables easy automation of iOS apps by leveraging the OS's accessibility attributes. Tests for KIF are written in Objective C. Attempts to imitate actual user input, and automation is done using tap events wherever possible.
Android Test Kit - From Google; includes GoogleInstrumentationTestRunner - an improved InstrumentationTestRunner, and Espresso - a simple API for writing reliable UI tests.
Roboelectric - An open source unit test framework that modifies Android SDK classes so you can test your Android app inside the JVM on your workstation in seconds.
TestArchitect Mobile Plus - Test automation tool from LogiGear for Android - also supports Windows, Mac OSX. Supports native Windows, Microsoft .NET WinForms, WPF, Java Swing, Java RCP, Java OSGI, Flash/Flex; MS IE, Firefox, Chrome, WebView.
Appium - An open source test automation framework for driving native and hybrid iOS and Android mobile apps using the WebDriver JSON wire protocol. Supports a sub-set of the Selenium WebDriver JSON Wire Protocol, and has extensions for automating mobile gestures like tap, flick, and swipe. Write tests in Ruby, Python, Java, etc. As of mid-2013, requires Mac OS X 10.7 or higher, Linux OK for Android-only; Win support is in "beta"; Node and npm (brew install node). For iOS automation requires XCode and Apple Developer Tools (iPhone simulator SDK, command line tools). For Android automation requires Android SDK API >= 17.
Android Source Code Analysis - Static code scanning tool from Checkmarx provides the ability to find vulnerable lines of code and learn how to fix them, for Android app source code.
Test Studio for iOS - Test Studio for iOS is a standalone product by Telerik designed to test native, web, and hybrid iOS apps on the device. No jail-breaking of device is needed. Does not use image based element detection, it relies on object based recording instead. Record and run tests, take screenshots and send comments. Supported devices: iPhone, iPad, or iPod Touch (iOS 4.0+).
SeeTestMobile - Mobile application test tool from Experitest Ltd., for iOS, Android, Blackberry and WindowsPhone. Can be used on both emulators as well as real devices and covers visual testing, functionality testing and speed performance. Incorporates image recognition and self-learning algorithms. Test recording can take place utilizing real devices - plug real device in to desktop via USB. Utilizes self-learning diagnostic and matching algorithms and a modular self-enhancing image recognition technology. Editable scripts using included IDE; scripts can also be exported and edited in QTP, TestComplete, VBScript, C#, Java, Perl, Python. Runs on Windows, Linux, or Mac.
AppGrader for Android - Automated testing tool shows how well an app functions under real-world conditions on popular Android devices in the U.S. App is uploaded to AppGrader site, automated tests run, and a customized report is sent with an app grade on a scale of 1-100, along with issues found during app download, installation, and basic usage. Also provides a comparison of the app's overall grade to popular Android apps in the same app store category. From uTest. Free and paid versions.
Ranorex Cross-Device Mobile App Testing - A Windows GUI test automation framework from Ranorex GmbH for testing many different application types including mobile (iOS, Android, Windows8 UI) test automation as well as mobile web test automation (iOS). Directly record tests on your device. Does not require you to jailbreak, unlock or root your device - just execute the recorded tests on your device or emulator. The IDE includes test project management, integration of all Ranorex tools (Recorder, Repository, Spy), intuitive code editor, code completion, debugging, and watch monitor.
Mobitest - Mobile Performance Testing Tool from Blaze Software Inc. uses real iPhone and Android agents to conduct a performance analysis of browsing a website on a mobile device at multiple locations. Returns a website speed test with site?s load time, bandwidth, and waterfall chart. Take screenshots (and optionally video) of the page load.
M-eux - Mobile apps test automation software from Jamo Solutions; recognizes the GUI elements of the mobile device resulting in test cases that are device model independent and re-useable across different versions of the service/application under test. Integrates with existing environments such as Eclipse, QuickTest Professional and Visual Studio.
Android APK for Selenium - Open source Android APK, needed for the Android driver. For use with Selenium 2.11.0 and later. Works with ICS emulators and real devices (phone + tablets).
KIF iOS Integration Testing Framework - Open source iOS integration test framework enables automation of iOS apps by leveraging accessibility attributes that the OS makes available for those with visual disabilities; uses undocumented Apple APIs (like many iOS testing frameworks). Tests are written in Objective C, allowing for maximum integration with code while minimizing layers to build. Integrates directly into iOS app, so no need to run additional web server or install additional packages. Automation done using tap events where possible.
Instruments for Xcode 4 - Part of Apple's XCode developer toolkit for building Mac iOS (and OS X) applications. Many testing, profiling, and analysis capabilities include enabling easy creation of ad-hoc test harness by recording and playback of user interactions, OpenGL ES for tracking iPhone graphics performance, memory allocation monitoring, Time Profiler on iOS for collecting samples with very low overhead, complete System Trace for insight into how all system processes interact, more. Also in XCode is iOS Simulator, which enables running an app similar to the way it would run in an actual iOS device; can check that network calls are correct, and that views change as expected when phone rotates; can simulate touch gestures by using the mouse.
Perfecto Mobile - Provides 'The MobileCloud' which allows remote access to more than 600 different real mobile handsets located around the globe. Also provides keyword-based automation scripting with Perfecto Mobile's 'ScriptOnce' technology; also provides remote access to handsets in the native network for testing.
Robotium - Open source Android test automation framework from Renas Reda/Hugo Josefson/Jayway; available as java source or jar file. Can integrate with Maven or Ant to run tests as part of continuous integration. Supports Android 1.6 and up.
MonkeyTalk - Free open source test automation tool from Gorilla Logic for functional test automation for native, mobile, and hybrid iOS and Android apps. Can use simulators or real devices - no jailbreaking required. Cross-platform Recording/Playback. Run tests interactively or 100% headless and automated. Also see 'CloudMonkey Appliance', a turnkey, on-premises solution for managing mobile app testing across multiple devices simultaneously - authorized users can submit test jobs and they will run automatically when the target devices become available.
FoneMonkey - Legacy free functional test automation tool for iOS apps on the iPhone and iPad from Gorilla Logic. Provides for the interactive creation, editing and playback of automation scripts that exercise an application's user interface. Create suites of tests that automate performing user operation sequences and verifying results. Tests can be easily incorporated into continuous integration environments.
TestQuest CountDown - Mobile test automation tool from BSquare. Enables collaboration and asset sharing among distributed test teams. Organized into 4 components -- TestDesigner, TestManager, TestRunner and AssetManager; platform independent.
Intent Fuzzer - Free Android testing tool from Isec Partners; often finds bugs that cause the system to crash or performance issues on the device. The tool can either fuzz a single component or all components. It works well on Broadcast receivers, and average on Services. For Activities, only single Activities can be fuzzed, not all them. Instrumentations can also be started using this interface, and content providers are listed, but are not an Intent based IPC mechanism
MITE - Free version of MITE, from Keynote Systems Inc., for emulated mobile content testing. Desktop testing tool with 2,000+ device profiles and more than 10,000 user agent strings. Test and validate mobile content quickly across numerous device/ mobile OS/ mobile browser combinations. Provides information including source code, redirects, protocol details, oversized objects, and device compatibility checks. Paid Pro version available also.
DeviceAnywhere - Mobile handset testing platform from Kenote Systems (formerly MobileComplete) enables development, deployment, and testing of content/apps on hundreds of real handset devices in live global networks around the world using just the Internet. The mobile handset bank includes devices stationed in the United States, Canada, United Kingdom, France, Germany, Spain, Japan, etc and the agnostic platform hosts a diverse portfolio of carriers and manufacturers from around the world. Free version also available via ten minute testing sessions on real, popular smartphones for mobile websites.
Compuware APM Real User Monitoring for Mobile & Web Apps - An on-demand mobile monitoring solution from Compuware (formerly Gomez), to accelerate identification, diagnosis and resolution of mobile Web, SMS and application performance and availability problems. Provides a unified view of mobile and Web performance and availability. Utilizes thousands of different 'mobile devices': tests are performed by the Gomez testing agents deployed on mobile nodes. Mobile nodes are a globally distributed set of computers connected to wireless carrier networks via attached wireless modems and provide a realistic measure of the mobile Web experience. Supports all major phone platforms such as iOS, Android OS, BlackBerry OS, Palm OS, Symbian OS & multiple feature phone operating systems.
Other Web Test Tools
Laika - Open source testing framework for Meteor. Can evaluate code of both the server and client on a single test. By default uses tdd style; has option to change to bdd style. Each test runs against a separate instance of your meteor app and a clean mongodb database. Works with both meteor and meteorite.
Istanbul - Open source JS code coverage tool that computes statement, line, function and branch coverage with module loader hooks to transparently add coverage when running tests. Supports all JS coverage use cases including unit tests, server side functional tests and browser tests, for node and browser. Can be used on the command line as well as a library.
Wraith - Open source screenshot comparison tool, created by developers at BBC News, for regression testing of web page appearance/layout. Uses either PhantomJS or SlimerJS to create screenshots of different environments and then creates a diff of the two images; affected areas are highlighted in blue. Requires PhantomJS (for Webkit - Safari) or SlimerJS (for Gecko - Firefox), ImageMagick, and >=Ruby 1.9.3. Due to the drivers it uses, has only limited cross-browser testing capabilities; it is more oriented to layout regression testing for a particulat browser.
Mogotest - Web consistency testing service from Mogoterra, Inc. created and developed by Kevin Menard and Nick Plante. For automated checking of web site appearance consistency of UI's vs reference site pages, across browsers, and across browser versions. Also checks for dead links, broken pages, redirect loops, and other common deployment problems. Capabilities also include secure testing of pages located behind a firewall without publicly exposing a site or modifying firewall configuration. Test agent infrastructure runs in Amazon Web Services cloud. Monthly or pay-per-test payment options.
Email2DB - Tool from Parker Software to automate incoming Email Messages, Twitter Feeds, Web & Data Sources, create triggers based on message content to automate your processes and send auto-responses.
STB Tester - An open source video-capture record/playback system for automated testing of set-top boxes and similar devices, from David R?thlisberger. Can record a test case by listening for remote-control keypresses, taking screenshots from the set-top box as it goes; includes image-matching capabilities. Written on top of GStreamer, a library of media-handling components. Test scripting is in Python.
Robot Framework - Open source test automation framework for acceptance testing and acceptance test-driven development (ATDD), from Nokia Siemens Networks. Has a tabular test data syntax, uses keyword-driven testing approach. Can be extended by test libraries in Python or Java. Provides easy-to-read reports and logs in HTML format, and a command line interface and XML based outputs for integration into existing build infrastructure. Provides support for Selenium for web testing as well as support for Java GUI testing, running processes, Telnet, SSH, etc.
Skytap - Cloud-based application development and test solution from Skytap Inc. provides developers and test engineers with scalable cloud based virtual data centers (VDC) that can run apps/sites without rewrites; publish specific environments to different testing teams; scale load testing capacity on-demand. Create isolated test environments for wide variety of OS, database, browser, and app combinations and capture state (memory, network settings, data, etc) of multi-machine configurations and save as templates. Each configuration is network fenced, enabling installation of intrusive tools and restoration to a safe known version.
Feedback Roulette - A free service for anonymous exchange of feedback about websites, by Michael Dadashyan. You review others' websites and they review yours. Members assign scores to each others' reviews to specify how useful the feedback is. Based on that the reviewer's reputation is calculated. The system then uses the reputation to match reviewers. All reviews are anonymous, allowing people to say openly what they think. Also there is a powerful system of ratings and reputation which helps to match reviewers with each other. Premium memberships also available via PayPal subscription or redeeming Feedback Points.
WAVE - Free web accessibility evaluation online tool provided by WebAIM. It is used to aid humans in the 508 web accessibility evaluation process. Rather than providing a complex technical report, WAVE shows the original web page with embedded icons and indicators that reveal the accessibility of that page. Also available is the WAVE Firefox toolbar allowing evaluation of web pages directly within your browser.
Color Contrast Analyzer - Free downloadable tool from the Paciallo Group to help determine the legibility of text on a web page and the legibility of image based representations of text, can be used as a part of web accessibility testing. It is primarily a tool for checking foreground and background colour combinations to determine if they provide good colour visibility. It also contains functionality to create simulations of certain visual conditions such as colour blindness. Determining "colour visibility" is based on the Contrast Ratio algorithm, suggested by the World Wide Web Consortium (W3C) to help determine whether or not the contrast between two colours can be read by people with colour blindness or other visual impairments. For Win platforms.
JAWS - Screen reading software from Freedom Scientific; for Win platforms. Can be used for Web 508 accessibility testing.
NVDA - NonVisual Desktop Access (NVDA) is a free and open source screen reader for win platforms developed by NV Access. Support for over 20 languages and the ability to run entirely from a USB drive with no installation. Can be used for 508 accessibility testing.
Charles - Web debugging proxy app by by Karl von Randow at XK72 Ltd is an HTTP proxy / HTTP monitor / Reverse Proxy that enables viewing all the HTTP and SSL/HTTPS traffic between the browser and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information). For Win/Mac/Linux.
Email on Acid - Service to preview an email in more than 40 variations of the most popular mobile devices, web-based email clients, and email apps. Tests can be run 3 ways - insert a URL, cut/paste HTML code, send an email directly to Email on Acid account. Uses two approaches: a) Screen Captures - the email is sent through each email client application with a screen capture of the final result, b) Code Based Simulations - a code based simulation of the email is generated by analyzing and parsing the HTML and CSS code much like each of an actual email clients does, and test results are displayed from within a web browser; for web based email clients, the email is displayed as it would appear in the browser being used to run the test. Free and $ versions of service available.
Litmus - Email preview service via screenshots of how email would appear in more thaqn 30 mobile devices and email clients. Allows uploading the HTML or sending a test email. Also provides cross-browser landing page and website testing, in addition to the email previews, by generating landing page previews in 8 different web browsers.
View Dependencies - Firefox extension adds a tab to the Page Info window, in which it lists all the files which were loaded to show the current page. It orders the files by servers and by types (image, stylesheet, script, ...). The size of each file, the total size per server and the total page size are displayed. With a context menu, can open any file in a new tab or new window; can also copy a url to the clipboard.
Gridfox - Firefox extension draws a grid on top of a website; useful for checking designs. Right click anywhere on a website, and go to GridFox > Toggle Grid. In the bottom right will be some buttons to help create, edit and save a grid; also some arrows which enable browing let you browse any existing grids for the site of interest.
FontFinder - Firefox extension allows a user to analyze the font information of any element on a page, copy any piece(s) of that information to the clipboard, and perform inline replacements to test new layouts. Any active element can have any piece of the font's options (such as color, size or family) adjusted inline. Info captured includes: Font color (rgb and hex); background color (rgb and hex); font family (including actual font being rendered); font size, line-height, vertical-align, letter and word spacing; font weight, style, variant; text transform, decoration, align and indent;element's type, class and ID.
Firesizer - Firefox extension provides a menu and status bar to resize the window dimensions to a specific size. Unlike other similar extensions, this one sets the size of the *entire window*, not just the HTML area.
Web Developer - Firefox extension with a vaireity of useful capabilities; one of the more popular Firefox extensions for dev/testing. Capabilities include inspect, edit and disable CSS, graphics; browser resizer; much more.
FireShot - Firefox extension that creates screenshots of web pages entirely and enables annotations. save as PNG/GIF/JPEG/BMP. Also available for Google Chrome and IE.
MeasureIt - Firefox extension draws a ruler across any webpage to check the width, height, or alignment of page elements in pixels.
RedBot - An open source robot that checks HTTP resources to see how they'll behave, pointing out common problems and suggesting improvements. Although it is not a HTTP conformance tester, it can find a number of HTTP-related issues. Interacts with the resource at the provided URL to check for a large number of common HTTP problems, including: Invalid syntax in headers, ill-formed messages (e.g., bad chunking, incorrect content-length), incorrect gzip encoding, missing headers. Additionally, it will tell how well your resource supports such HTTP features as caching, negotiation for compression, last-Modified and ETag validation, partial content. Supports http and https.
Webpagetest - An online tool that was orginially developed by AOL for use internally and was open-sourced in 2008, now being developed and supported by Patrick Meenan/Google. The online version is an industry collaboration with various companies providing the testing infrastructure for testing a site from across the globe. Provides web page content analysis, performance analysis, various performance scores. API's available for scripting.
GTMetrix - Free online web page speed analyzer, from Gossamer Threads, Inc. Based on Google Page Speed and Yahoo! YSlow, checks one page at a time and provides page preformance analysis report and suggestions for improvement.
Page Speed - An open-source project started at Google to help developers optimize their web pages by applying web performance best practices. Started as an open-source Firefox/Firebug add-on and is now deployed in third-party products such as Webpagetest.org, Show Slow and Google Webmaster Tools. Page Speed family of tools includes Page Speed Firefox/Firebug add-on which allows you to evaluate the performance of web pages and to get suggestions on how to improve them, and the mod_pagespeed Apache module which automatically rewrites pages and resources to improve their performance.
Sikuli - An open source visual technology to automate and test GUI's using images (screenshots). Developed at the User Interface Design Group, MIT Computer Science and Artificial Intelligence Laboratory (CSAIL). Includes Sikuli Script, a visual scripting API for Jython, and Sikuli IDE, an integrated development environment for writing visual scripts with screenshots easily. Sikuli Script automates anything you see on the screen without internal API's support. You can programmatically control a web page, a Windows/Linux/Mac OSX desktop application, or even an iphone or android application running in a simulator or via VNC.
Xpresser - An open source Python module which enables trivial automation of GUIs via image matching algorithms. Note: though Xpresser uses gtk to implement its features, there?s nothing specific to gtk on the features and interface that Xpresser offers. Can use on its own or embedded in other apps.
ShowSlow - An open source tool that helps monitor various website performance metrics over time by collecting web performance data and showing it in aggregated form for better business understanding. Captures the results of YSlow and Page Speed rankings and graphs them, to help you understand how various changes to your site affect its performance.
Blaze - An online service from Blaze Software Inc. for optimizing website speed by optimizing Front End Performance. Blaze?s automated optimization combined with it's Content Delivery Network partner can maximize the potential performance of your web site.
Flash-Selenium - The Flash-selenium open source project extends the Selenium RC clients for adding Flash communication capabilities. Enables direct testing of the UI components of a Flex application.
Selenium-Flex API - The Selenium-Flex API allows automation of Flex applications using the popular test automation tool Selenium. The API is easy to set up and can be done with only basic working knowledge of either Flex or Selenium. Requires Firefox and inclusion of the Selenium-Flex API in Flex app build.
Virtu-El.com Spell Checker Online free spell checker and link checker from C# computing.
HTTPDebugger - HTTP Traffic Analyzer tool from MadeForNet.com that enable effective debugging of http headers and http content. Analyze HTTP headers, POST data, cookies, error codes and SOAP envelopes; measure the size, execution and downloading time of dynamic web pages; view the traffic from browser add-ons, ActiveX components and Java applets; decode HTTPS connections and gzip/chunked encodings; see complete stats in charts and diagrams. Supports a variety of browsers.
Cucumber - Tool for executing plain-text functional descriptions as automated tests. The language that Cucumber understands is called Gherkin. While Cucumber can be thought of as a ?testing? tool, the intent of the tool is to support BDD (Behavior-Driven Development). This means that the ?tests? (plain text feature descriptions with scenarios) are typically written before anything else and verified by business analysts, domain experts, etc. non technical stakeholders. The production code is then written outside-in, to make the stories pass. Cucumber itself is written in Ruby, but it can be used to ?test? code written in Ruby or other languages including but not limited to Java, C# and Python. Requires only minimal use of Ruby scripting, so cucumber can be utilized in testing contexts where the application code is not Ruby.
Lettuce - A simple BDD tool for Python based on Cucumber. By Gabriel Falc?o.
Aptimize Website Accelerator - An ISAPI filter for Microsoft IIS, or a Daemon and module for Linux Apache, that automates performance tuning by dynamically optimizing web pages for high performance at runtime ? just before a page is sent from web server to browser. For Win and Linux platforms.
Spello - Open source web site spell checker; run as a windows form or command line. Supports English (US and UK), French, German and Spanish (Spain and Mexico) dictionaries. More dictionaries can be downloaded from http://wiki.services.openoffice.org/wiki/Dictionaries. Html based log file. Written in C#, requires Microsoft.Net 3.5 SP1, the setup program has a bootstrapper to install it.
eggPlant - An image-based, low-overhead, non-invasive black-box test automation tool. Does not reside on the system-under-test and is technology agnostic, so it can test in many situations that other tools cannot by using image capture and advanced search techniques. Does not interact with the underlying code, and can test any application including those that can cause problems for other tools such as Flash, Silverlight, etc. Works
T-Plan Robot - A black box automated testing tool developed on generic image based testing principles; provides a human-like approach to software testing and performs in situations where other tools may fail. Support of Java test scripts as well as a proprietary scripting language; record & replay capability; support of testing over the RFB protocol (better known as VNC); ability to perform black box GUI testing of mobile phones (Windows Mobile, Symbian, iPhone); open architecture with a generic plugin interface and well documented programming interfaces. Platform independent (Java); runs on, and automates major systems, such as Windows, Linux, Unix, Solaris and certain mobile platforms.
System Shephard - An IT Performance Monitoring and Operations Management Platform for web and other systems; from Absolute Performance Inc. Modules include StressWalk and WebWalk. Delivers an enterprise-wide view of system performance and alert status; supplies analysis and reports based on real-time, recent, and historical data
Twill - Simple open source Python-based scripting language for web browser control from a command-line interface. Navigate through Web sites that use forms, cookies, and most standard Web features. Supports automated Web testing
Web Testing Plugin collection - Large collection of links to and short descriptions of open source utilities and tools for web testing, unit testing, assertions, mocks, fixture utilities, reporting, validators, code coverage, etc. Mostly for Ruby, maintained by Benjamin Curtis
UTE - Automated 'usability testing environment' from Mind Design Systems, Inc. Assists in quantitative usability evaluation of websites and web applications; automates capture of usability data in detail not easily done by a human observer. Consists of a) a 'UTE Manager' which helps set up test scenarios (tasks) as well as survey and demographic questions, and compiles results and produces customized reports and summary data; and b) a 'UTE Runner' which presents test participants with test scenarios (tasks) as well as any demographic and survey questions; the runner also tracks actions of the subject throughout the test including clicks, keystrokes, and scrolling.
XPather Firefox add-on by Viktor Zigo. Has rich XPath generator, editor, inspector and simple extraction tool. Requires the standard DOM inspector plugin for FF3.
FlexMonkey - Free legacy testing framework for Flex apps, from Gorilla Logic. Capabilities include capture, replay and verification of Flex UI functionality. Can generate ActionScript-based testing scripts that can easily be included within a continuous integration process. Uses the Flex Automation API and was created by extending Adobe's sample automation adapter, AutoQuick.
FunFx - A free Ruby test framework for functional testing of Adobe Flex applications Enables driving a Flex application through a web browser.
UnmaskParasites - A free online service that checks web pages for hidden illicit content (invisible spam links, iframes, malicious scripts and redirects). By Denis Sinegubko. Just type in the URL of the web site to be checked.
Rasta - Rasta is a keyword-driven open source test framework by Hugh McGowan using spreadsheets to drive testing. Loosely based on FIT, where data tables define parameters and expected results. The spreadsheet can then be parsed using your test fixtures. For the underlying test harness, Rasta uses RSpec so in addition to reporting results back to the spreadsheet you can take advantage of RSpec's output formatters and simultaneously export into other formats such as HTML and plain text. Since Rasta utilizes Ruby, it can work well with Watir (listed elsewhere in this page).
File Comparators - Web testing - or any type of testing - often involves verification of data vs expected data. While this is simple enough programmatically for single data points or small data sets, comparison of large amounts of data can be more challenging. This site, maintained by FolderMatch/Salty Brine Software, a windows file/folder comparator tool vendor, lists a large number of Win data comparators.
TMX - Keyword driven test automation product from Critical Logic, provides automated, fully annotated, executable scripts for QTPro, Watir, TestPartner, and SilkTest. Imports the objects that make up an application (radio buttons, entry fields, etc.) and builds an Object Tree containing all elements and attributes subject to testing. Then automatically generates the executable test scripts and test documentation. 'Virtual Objects' allow building of test scripts from requirements in parallel with code development.
Google's Website Optimizer - Google's service for testing variations in site design (titles, images, content, etc) to determine impacts on conversions, user actions, traffic, or other goals.
YSlow - Free open source tool analyzes web pages and explains why they're slow based on rules for high performance web sites. A Firefox add-on integrated with the Firebug web development tool. Includes a Performance report card, HTTP/HTML summary, list of components in page and related info, tools including JSLint. Generates a grade for each rule and an overall grade, lists suggested specific changes to improve performance, calculates total size of page for empty and primed cache scenarios, cookie info. Can also view HTTP response headers for any component.
ItsNat - Open source Java AJAX component-based web development framework provides a natural approach to web development; leverages 'old' tools to build new AJAX based Web 2.0 applications. Server centric using an approach called TBITS, "The Browser Is The Server": simulates a Universal W3C Java Browser at the server mimicking the behavior of a web browser, containing a W3C DOM Level 2 node tree and receiving W3C DOM Events. Contains significant built in functional web test support.
HTT - Open source scriptable HTTP test tool for testing and benchmarking web apps and for HTTP server development. Can act as client (requesting) and server (backend for reverse proxies). Pattern matching answers (both server and client) to test validity. Supports chunking in request and response.
Web Page Analyzer - Free online website performance tool and page speed analysis from Website Optimization. Calculate page size, composition, and download time, size of individual elements and sums up each type of web page component. Then offers advice on improving page load time.
HTTPWatch - An HTTP viewer and debugger plugin for MS Internet Explorer for HTTP and HTTPS monitoring without leaving browser window. Real-time page and request level time charts;millisecond accurate timings and network level data. Includes automation interface that can be used by most programming languages. Supports filtering of requests by criteria such as content types, response codes, URLs, headers and content. Basic free and paid versions available.
IBM Rational Policy Tester Accessibility Edition - Helps ensure Web site accessibility to all users by monitoring for over 170 comprehensive accessibility checks. It helps determine the site's level of compliance with government standards, including the U.S. government's Section 508 and guidelines such as the World Wide Web Consortium's Web Content Accessibility Guidelines (W3C WCAG), the UK's Disability Discrimination Act, and France's AccessiWeb.
TextTrust - Online service for one time or periodic full site spell checking; report includes listing of each text error with URL, built-in spelling mistake highlighter; correct your errors with Google suggestion lookup. System learns as it checks, detects industry terms and buzzwords such that only real errors are reported.
WireShark - Network protocol analyzer available under the GNU General Public License. Capabilities include deep inspection of hundreds of protocols, live capture and offline analysis, standard three-pane packet browser, runs on most platforms. Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility; rich VoIP analysis; read/write a very wide variety of different capture file formats. Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others. Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2. Coloring rules can be applied to the packet list for quick, intuitive analysis. Output can be exported to XML, PostScript, CSV, or plain text
TPTest - An open source software suite for testing network throughput and Internet services. It consists of a software library with test functions that can be implemented in test client and server applications. Reference client/server apps are also included.
BWMeter - Bandwidth meter, monitor and traffic controller, which measures, displays and controls all traffic to/from computer(s) or on your network. Can analyze the data packets (where they come from, where they go, which port and protocol they use). For Windows platforms. Shareware.
Fiddler - Free HTTP Debugging Proxy which logs all HTTP traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP Traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language. Can debug traffic from virtually any application. Can handle HTTPS encryption/decryption. Has many useful addons. Works on most browsers/OS's/platforms.
HTTP Interceptor - Low cost pseudo Proxy server that performs http diagnostics and enables viewing of the two way communication between browser and the Internet. View http, asp, http header, data headers, responses. Demo version Free and paid versions available.
Expecco - A component based, modular test and quality assurance platform from eXept Software AG, which aims at the consolidation of tests and partial test systems into an automated, interactive test center. Enables productivity improvement in creation and maintenance of test scenarios, includes extensive debug features and flexible integration into existing enterprises. Features include utilization of UML 2.0 and Selenium libraries.
Aptixia IxLoad - Highly scalable, integrated test solution from Ixia Inc. for assessing the performance of Triple Play (Voice, Video and Data services) networks and devices. IxLoad emulates IPTV and Triple Play subscribers and associated protocols to ensure subscriber Quality of Experience (QoE). Protocols supported include video protocols like IGMP, MLD, and RTSP; voice protocols like SIP and MGCP; and data protocols like HTTP, FTP, and SMTP. Can be used to test critical aspects of the infrastructure like DNS, DHCP, RADIUS, and LDAP services, as well generate malicious traffic to test for security. Also available are a wide variety of other related performance test tools to help accelerate the migration of communications and entertainment to IP.
Internet Explorer Developer Toolbar - Microsoft add-on for IE that includes some tools for that can be useful for web testing. Includes tools to explore a page's document object model (DOM), locate and select specific elements on a Web page through a variety of techniques, view HTML object class names, ID's, and details such as link paths, tab index values, and access keys; validate HTML, CSS, WAI, and RSS web feed links; view the formatted and syntax colored source of HTML and CSS; and more.
Web Service Scheduler - WSS is an online cron service that can execute custom scripts remotely, for websites hosted on a web server with no access to a scheduling utility like cron or task scheduler. To use, just login and add the URL of the web service or script (PHP, ASP, CGI) and the time you would like the service to run. Basic account is free.
sketchPath - Free XPath Editor and XML analysis and testing tool by Phil Fearon supporting XPath 1.0 and 2.0. Capabilities includes: Provides integrated graphical environment for viewing XML files, developing and testing XPath expressions against them and managing the expressions in file libraries. Auto-Generate XPath locations by selecting from XPath result list, regular expression result list, element tree view, element nodes list, XML text editor, etc. Import XPath Expressions from an XML source (eg. XSLT). auto-complete uses 'Look-Ahead' to list available location and value nodes when typing, XSD schema validation with fully-navigable invalid elements list. Use regular expressions to resolve XPath locations. And more. For Windows platforms.
soapUI - Free open source source desktop application from SmartBear Software for inspecting, invoking, developing, simulating/mocking and functional/load/compliance testing of web services over HTTP. It is mainly aimed at developers/testers providing and/or consuming web services (java, .net, etc). Functional and Load-Testing can be done both interactively in soapUI or within an automated build/integration process using the soapUI command-line tools. Mock Web Services can be created for any WSDL and hosted from within soapUI or using the command-line MockService runner. Various IDE-plugins available. Paid 'pro' version available with professional support and extended functionality.
Parasoft SOAtest - Scriptless web services test tool from Parasoft. Automatic test creation from WSDL, WSIL, UDDI and HTTP Traffic. Capabilities include WSDL validation, load and performance testing; graphically model and test complex scenarios. Automatically creates security penetration tests for SQL injections, XPath injections, parameter fuzzing, XML bombs, and external entities. Data-driven testing through data sources such as Excel, CSV, DB queries, etc. Support for JMS; MIME attachment support.
Fault Factory - API-level fault injection tool from from Extradata Technologies; injects HTTP/SOAP/Socket faults into an application - no code changes, no proxies required. Injects two types of faults: socket API failures and arbitrary HTTP responses (that can be used to imitate a wide range of conditions, including SOAP faults). Can be used standalone or in combination with a debugger. Language-neutral. For Windows platforms.
XML-Simulator - Black-box test tool from Elvior for applications using asynchronous XML messaging to communicate with different systems. Customizable to support any XML protocol. Java application, runs on multiple OS's.
Filemon - Free tool from Microsoft monitors and displays Windows file system activity on a system in real-time. Timestamping feature shows when every open, read, write or delete, happens, and its status column indicates outcome. Useful in security testing, monitoring/testing of web servers etc. Also available (links available on Filemon page): RegMon - a Registry monitor; Process Monitor - a process and thread monitor; DiskMon - a hard disk monitor.
AceLive - Tool from OpNet Technologies Inc. for end-user experience monitoring and application performance management. Spans network monitoring, measurement, and detection of SLA violations, and can bridges seamlessly into integrated and detailed transaction-level troubleshooting with OPNET?s ACE Analyst.
Paessler Site Inspector - A web browser that combines MSIE and Mozilla/Gecko into one program; it's Analyzing Browser allows switching between the two browser engines with the click of a mouse to compare. Freeware.
CookiePie Firefox Extension - Firefox extension from Sebastian Wain enabling maintenance of different cookies in different tabs and windows. For example developers working on web software supporting multiple users or profiles can use CookiePie to simultaneously test their software with each user without needing to open a different browser.
Broken Link Preventer - Link checker that reports on broken links, reports statistics on user attempts to access broken links, and enables broken link prevention. Runs on server and constantly monitors site links.
Web Performance Advanced Server Analysis - Add-on module for the Web Performance Inc. Load Tester tool from Web Performance Inc. Automatically points out performance problems in your operating system or application server; tracks performance counters in the operating system or application server during a load test, marking those statistics that are obviously out of spec so you can quickly identify obvious performance problems. Statistics can be viewed during the test and reviewed later in reports for more detailed analysis.
Eclipse TPTP Testing Tools Project - TPTP (Test & Performance Tools Platform) is a subproject of Eclipse, an open platform for tool integration. TPTP provides frameworks for building testing tools by extending the TPTP Platform. The framework contains testing editors, deployment and execution of tests, execution environments and associated execution history analysis and reporting. The project also includes exemplary tools for JUnit based component testing tool, Web application performance testing tool, and a manual testing tool. The project supports the OMG UML2 Test Profile.
Test Architect - Keyword-driven test automation tool from LogiGear Corp. helps increase test coverage. Requires Windows or Linux; supported UI's include Native Windows, Microsoft .NET WinForm, WPF, Microsoft Silverlight, Java? Swing, Java RCP, Java OSGI, Flash/Flex, QT, Android SDK, Android WebView; Browsers IE, Firefox, Chrome. Test harness support: Python, C++, C#, Java.
Networking and Server Test Utilities - Small collection of web server and other test utilities provided by hq42.net.
Morae - Usability test tool for web sites and software, from TechSmith Corp. for automated recording, analyzing and sharing of usability data. Consists of 3 components. A Recorder records and synchronizes video and data, creating a digital record of system activity and user interaction. A Remote Viewer enables geographically dispersed observers to watch usability tests from any location; it displays test user's computer screen along with a picture-in-picture window displaying the test participant's face and audio; Remote Viewer observers can set markers and add text notes. The Manager component includes integrated editing functionality for assembly of important video clips to share with stakeholders.
AutoTestFlash - Freeware tool by Tiago Simoes for recording and playing back UI Tests in flash applications. Source code also available.
Repro - Manual testing 'helper' tool that records desktop video, system operations in 7 different categories, system resource usage, and system configuration information. Allows user to save and review relevant information for bug reports, and compress the result into a very small file to replay, upload to a bug tracking system, and share with others. Instruments in memory the target application at runtime so no changes are required to application under test. For Windows.
TestGen - Free open-source web test data generation program that allows developers to quickly generate test data for their web-services before publicly or internally releasing the web service for production.
EngineViewer and SiteTimer - Free basic services: EngineViewer - reports on how a search engine may view a webpage, from how it breaks down the HTML, to which links it extracts, how it interprets page's robot exclusion rules and more. SiteTimer service - Find out how long it takes various connection types to get a page, check all the graphical links to ensure they're correct, examine server's HTTP headers, more.
Fiddler - An HTTP Debugging tool by Eric Lawrence. Acts as an HTTP Proxy running on port 8888 of local PC. Any application which accepts an HTTP Proxy can be configured to run through Fiddler. Logs all HTTP traffic between computer and the Internet, and allows inspection of the HTTP data, set breakpoints, and "fiddle" with incoming or outgoing data. Designed to be much simpler than using NetMon or Achilles, and includes a simple but powerful JScript.NET event-based scripting subsystem. Free, for Windows.
FREEping - Free ping software utility from Tools4ever which will ping all your Windows-based servers (or any other IP address) in freely-definable intervals. Will send a popup when one of the servers stops responding.
IP Traffic Test and Measure - Network traffic simulation and test tool from Omnicor Corp. can generate TCP/UDP connections using different IP addresses; data creation or capture and replay; manage and monitor throughput, loss, and delay.
VisitorVille - Site traffic monitoring tool from World Market Watch Inc. that depicts website visitors as animated characters in a virtual village; users can watch their web traffic as if they're watching a movie.
Sandra - 'System ANalyser, Diagnostic and Reporting Assistant' utility from SiSoftware. Provides large variety of information about a Windows system's hardware and software. Includes CPU, mainboard, drives, ports, processes, modules, services, device drivers, ODBC sources, memory details, environment settings, system file listings, and much more. Provides performance enhancing tips, tune-up wizard, file system and memory bandwidth benchmarking, more. Reporting via save/print/fax/email in text, html, XML, etc. Free, Professional, and other versions available in multiple languages.
Deque - Deque Ramp is a cross-platform solution for testing and remediating websites and Web-based applications for integrated accessibility and Section 508 compliance. Audits and corrects accessibility violations and helps organizations develop long-term practices to enhance accessibility for users with disabilities. Available versions include Ramp Personal Edition, Ramp Grade, and Ramp Ascend. Ramp PE version is free for some user categories such as non-profit organizations. Other products include Worldspace Online, an online accessibility test and repair tool.
Dummynet - Flexible tool developed by Luigi Rizzo, originally designed for testing networking protocols, can be used in testing to simulate queue and bandwidth limitations, delays, packet losses, and multipath effects. Can be used on user's workstations, or on FreeBSD machines acting as routers or bridges.
HTTP Interceptor - A real-time HTTP protocol analysis and troubleshooting tool from AllHTTP.com. View all headers and data that travel between your browser and the server. Split-screen display and dual logs for request and response data. Interceptor also allows changing of select request headers on-the-fly, such as "Referrer" and "User Agent".
SpySmith - Simple but powerful diagnostic tool from Quality Forge; especially useful when testing web sites and web-based applications. It allows the user to peek inside I.E. Browser-based Documents (including those without a 'view source' command) to extract precise information about the DOM elements in an HTML source. SpySmith can also spy on Windows objects. For Windows. Free 90-day trial.
Co-Advisor - Tool from The Measurement Factory for testing quality of protocol implementations. Co-Advisor can test for protocol compatibility, compliance, robustness, security, and other quality factors. Has modules for HTTP (RFC 2616) and ICAP (RFC 3507) protocols . Other info: runs on FreeBSD packages, Linux RPMs, Windows (on-demand); available as on-line service, binaries, or source code.
PocketSOAP - Packet-capture tool by Simon Fell, with GUI; captures and displays packet data between local client and specified web server. Can log captures to disk. For Windows; binaries and source available; freeware. Also available is PocketXML-RPC and PocketHTTP.
TcpTrace - Tool by Simon Fell acts as a relay between client and server for monitoring packet data. Works with all text-based IP protocols. For windows; freeware
ProxyTrace - Tool by Simon Fell acts as a proxy server to allow tracing of HTTP data; can be used by setting browser to use it as a proxy server and then can monitor all traffic to and from browser. Freeware.
tcptrace - Tool written by Shawn Ostermann for analysis of TCP dumpfiles, such as those produced by tcpdump, snoop, etherpeek, HP Net Metrix, or WinDump. Can produce various types of output with info on each connection seen such as elapsed time, bytes, and segments sent and received, retransmissions, round trip times, window advertisements, throughput, and various graphs. Available for various UNIX flavors, for Windows, and as source code; freeware.
MITS.Comm - Tool from Omsphere LLC for simulating virtually any software interface (internal or external). Allows testing without pitfalls associated with live connections to other systems (TCP/IP, Ethernet, FTP, etc). Allows developers to test down to the unit level by simulating the internal software interfaces (message queues, mailboxes, etc.) Tool can learn what request/response scenarios are being tested for future tests and can work with any protocol, any message definitions, and any network. Also available: MITS.GUI
XML Conformance Test Suite - XML conformance test suites from W3C and NIST; contains over 2000 test files and an associated test report (also in XML). The test report contains background information on conformance testing for XML as well as test descriptions for each of the test files. This is a set of metrics for determining conformance to the listed W3C XML Recommendation.
Certify - Test automation management tool from WorkSoft, Inc. For managing and developing test cases and scripts, and generating test scripts. For automated testing of Web, client/server, and mainframe applications. Runs on Windows platforms.
HiSoftware AccVerify - Tool for testing site accessibility, usability, searchability, privacy and Intellectual Property policy verification; from HiSoftware Inc. Also custom checks and test suites to meet organization's standards. Can crawl a site and report errors; can also programmatically fix most common errors found. Runs on Windows.
HiSoftware Web Site Monitor - Tool allows user to monitor servers and send alerts, allows monitoring web sites for changes or misuse of intellectual property in metadata or in the presented document; link validation. From HiSoftware Inc.
Team Remote Debugger - Debugging tool from Spline Technologies allows tracing of any number of code units of any kind ( ASP, MTS, T-SQL, COM+, ActiveX Exe, DLL, COM, Thread, CFML ), written in any language ( ASP, VB, VC++, Delphi, T-SQL, VJ, CFML ) residing on multiple shared and dedicated servers at the same time, without ever attaching to process. Remote code can pass messages and dialogs directly to your local machine via Team Remote Debugger component, and developers can then debug their respective code independently of one another no matter if the code units reside on the same servers or on different servers or on any combination thereof.
Datatect - Test data generator from Banner Software generates data to a flat file or ODBC-compliant database; includes capabilities such as scripting support that allows user to write VBScripts that modify data to create XML output, data generation interface to Segue SilkTest, capability to read in existing database table structures to aid in data generation, wide variety of data types and capabilities for custom data types. For Windows.
Triometric Performance Analyzer Suite - Suite of software protocol analyzers from Triometric accurately calculates end-to-end download speeds for each transaction, not just samples; produces a range of configurable reports that breaks down info into network and server speeds, errors, comparison to SLA's, performance for each server, client, URL, time period, etc.
WebBug - Debugging tool from Aman Software for monitoring HTTP protocol sends and receives; handles HTTP 0.9/1.0/1.1; allows for entry of custom headers. Freeware.
NIST Web Metrics Testbed - Web usability testing and evaluation tool suite from U.S. Govt. NIST. Source code available. For UNIX, Windows.
MRTG - Multi Router Traffic Grapher - free tool by Tobi Oetiker utilizing SNMP to monitoring traffic loads on network links; generates reports as web pages with GIF graphics on inbound and outbound traffic. For UNIX, Windows.
Java Test Tools
WindowTester - Also known as WindowTester Pro, a Java Developer tool from Google for testing SWT and Swing Java applications, eliminates the need to manually create test cases to test GUIs by automating the process of GUI testing. Reduces the time required to hand-code tests. Includes tools for automated recording, test generation, code coverage and playback of GUI interactions. Includes WindowTester SWT, WindowTester Swing and WindowTester Runner. The tests generated by WindowTester Pro are standard JUnit tests; run within Eclipse environment or can be automated to run using Ant. Typically, tests are recorded on projects within Eclipse environment.
AutoPilot Heap Detective - Free tool from Nastel Technologies, Inc for diagnosing Java Heap to find memory leaks. Written in C/C++ so it does not utilize any of the same resources it is diagnosing. Finds all objects in Heap capturing instance count, total size and average size. Reports on top objects by retained size to find the likely culprits. Drill down to areas where memory is used by Instance Count, Retained Size and Shallow size; drill down to what objects hold references to top memory consumers; take and compare multiple heap snapshots. Production ready: does not constantly run and has low overhead when used for detection.
Glassbox - Open source automated troubleshooting and monitoring agent for J2EE and Enterprise Java apps; diagnoses common problems with one click - drop in .war file, no code changes needed. Automatically traces failures and performance problems to the relevant Java method and reports stack traces or other information needed for fixes. Helps tell bugs from configuration problems. Complement to load testing tools - while driving load, automatically pinpoints bottlenecks and reports stack traces.
Arquillian - Arquillian from JBoss enables testing of Java business logic in a remote or embedded container. Alternatively, it can deploy an archive to the container so the test can interact as a remote client. No longer does writing a test involve system administration tasks, custom scripts, copy-paste Maven configuration, full builds, test classpath mayhem, looking up resources manually or reliance on coarse-grained, black-box testing. The goal is to provide a simple test harness that abstracts away all container lifecycle and deployment from the test logic so developers can easily produce a broad range of integration tests for their enterprise Java applications. Arquillian can either execute a test case inside the container, in which case the test class is deployed by Arquillian along with the code under test, or hold back the test class so it can act as a remote client to the deployed code. All the developer has to do is write the test logic. Also available is the Drone extension which bootstraps the tooling required for testing browsers in order to work (e.g. Selenium Server), and creates instances of a testing browser and properly disposes of it after the test is finished.
SonaType CLM for CI - Component Lifecycle Management tool for Continuous Integration from Sonatype Inc., analyzes every component in every build, including dependencies. Choose to be warned or to fail builds when components are inappropriately licensed for your project, have known security vulnerabilities or otherwise violate your policies. Summary build analysis is free. Available as a plugin for Hudson/Jenkins. Also available for java apps is 'Application Health Check' as a .jar file that enables analysis of your application and components, and uncovering of potential security, licensing, and quality problems. The report lets you quickly spot check your applications and code from your suppliers. Sonatype products make use of the 'Central Repository' ? a software industry cooperative repository for more than 400,000 open source java components from all major open-source projects. Sonatype runs the Central Repository.
RTI - Java performance analysis tool from OC Systems Inc. helps quickly find and resolve complex performance problems. RTI delivers lightweight deep diagnostics for distributed Java applications in production and test environments. Monitor transaction performance end-to-end from client across network, web and application tiers ? deep dive to method level. RTI integrates with LoadRunner, JMeter and soapUI. Targeted to JBoss, Tomcat, Linux, Windows.
Yourkit Java Profiler - Java profiling tool from Yourkit; CPU and memory hot spots; memory leak detection; memory distribution reports;on-demand profiling; utilizes all of the advanced Java 5/6/7 profiling features; runs on most platforms.
VisualVM - A free visual tool, originally from Sun, to monitor and troubleshoot Java applications. Runs on Sun JDK 6, but is able to monitor applications running on JDK 1.4 and higher. Utilizes various available technologies like jvmstat, JMX, the Serviceability Agent (SA), and the Attach API to get data and uses minimal overhead on monitored applications. Capabilities include: automatically detects and lists locally and remotely running Java applications; monitor application performance and memory consumption; profile application performance or analyze memory allocation; is able to save application configuration and runtime environment together with all taken thread dumps, heap dumps and profiler snaphots into a single application snapshot which can be later processed offline.
LAPSE - Lightweight Analysis for Program Security in Eclipse. Designed to help with the task of auditing Java J2EE applications for common types of security vulnerabilities found in Web apps. Targets parameter manipulation, header manipulation, cookie poisoning, command-line parameters, SQL injections, cross-site scripting, HTTP splitting, path traversal vulnerabilities Developed by Benjamin Livshits as part of the Griffin Software Security Project. Not intended as a comprehensive solution for Web application security, but rather as an aid in the code review process.
Checkmarx - Code security analysis tool from Checkmarx; capabilitites include hundreds of out of the box security checks, checks for architectural flaws, coding practice enforcement. Runs on Windows against Java or any other programming language code.
Window Licker - An open source framework for the test-driven development of Java systems through the GUI. Provides a high-level API for controlling and making assertions about graphical user interfaces: for Swing and Dynamic HTML (aka "AJAX") including GWT. Deals with the asynchronous nature of GUI and AJAX programming so the tests don't have to; Controls the GUI by sending native mouse and keyboard events; Handles different keyboard layouts; Produces high quality error messages to help you easily diagnose test failures; Easily extensible to cope with new user interface components
Cobertura - Free Java tool to identify which parts of a Java program are lacking test coverage and calculate % coverage; based on jcoverage. Instruments already-compiled Java bytecode; execute from ant or from the command line; generate reports in HTML or XML; shows % of lines and branches covered for each class, each package, and for the overall project. Shows McCabe cyclomatic code complexity of each class, and average cyclomatic code complexity for each package, and for the overall product. Can sort HTML results by class name, percent of lines covered, percent of branches covered, etc. and sort in ascending or descending order.
JProfiler - Java profiling tool from ej-Technologies GmbH. Check for performance bottlenecks, memory leaks and threading issues.
Parallel-junit - Open source small library extensions for JUnit. Extends the junit.framework.TestSuite class by running tests in parallel, allowing more efficient test execution. Because TestResult and TestListener aren't designed to run tests in parallel, this implementation coordinates the worker threads and reorder event callbacks so that the TestResult object receives them in an orderly manner. In addition, output to System.out and System.err are also serialized to avoid screen clutter.
EMMA - Open-source toolkit, written in pure Java, for measuring and reporting Java code coverage. Targets support for large-scale enterprise software development while keeping individual developer's work fast and iterative. Can instrument classes for coverage either offline or on the fly (using an instrumenting application classloader); supported coverage types: class, method, line, basic block; can detect when a single source code line is covered only partially; coverage stats are aggregated at method, class, package, and "all classes" levels. Reports support drill-down, to user-controlled detail depth; HTML reports support source code linking. Does not require access to the source code; can instrument individual .class files or entire .jars (in place, if desired). Runtime overhead of added instrumentation is small (5-20%); memory overhead is a few hundred bytes per Java class.
PMD - Open source static analyzer scans java source for problems. Capabilities include scanning for: Empty try/catch/finally/switch statements; Dead code - unused local variables, parameters and private methods; Suboptimal code - wasteful string/stringBuffer usage; Overcomplicated expressions - unnecessary if statements, for loops that could be while loops; Duplicate code - copied/pasted code - could indicate copied/pasted bugs.
Hammurapi - Code review tool for Java (and other languages with latest version). Utilizes a rules engine to infer violations in source code. Doesn't fail on source files with errors, or if some inspectors throw exceptions. Parts of tool can be independently extended or replaced. Can review sources in multiple programming languages, perform cross-language inspections, and generate a consolidated report. Eclipse plugin.
TestNG - A testing framework inspired from JUnit and NUnit and developed by Cedric Beust; supports JDK 5 Annotations, data-driven testing (with @DataProvider), parameters, distribution of tests on slave machines, plug-ins (Eclipse, IDEA, Maven, etc); embeds BeanShell for further flexibility; default JDK functions for runtime and logging (no dependencies); can run tests in arbitrarily big thread pools with various policies available.
Concordian - An open source testing framework for Java developed by David Peterson. Utilizes requirements in plain English using paragraphs, tables and proper punctuation in HTML. Developers instrument the concrete examples in each specification with commands (e.g. "set", "execute", "assertEquals") that allow test scenarios to be checked against the system to be tested. The instrumentation is invisible to a browser, but is processed by a Java fixture class that accompanies the specification. The fixture is also a JUnit test case. Results are exported with the usual green and red indicating successes and failures. Site includes info re similarities and diffs from Fitnesse.
DBUnit - Open source JUnit extension (also usable with Ant) targeted for database-driven projects that, among other things, puts a database into a known state between test runs. Enables avoidance of problems that can occur when one test case corrupts the database and causes subsequent tests to fail or exacerbate the damage. Has the ability to export and import database data to and from XML datasets. Can work with very large datasets when used in streaming mode, and can help verify that database data matches expected sets of values.
StrutsTestCase - Open source Unit extension of the standard JUnit TestCase class that provides facilities for testing code based on the Struts framework, including validation methods. Provides both a Mock Object approach and a Cactus approach to actually run the Struts ActionServlet, allowing testing of Struts code with or without a running servlet engine. Uses the ActionServlet controller to test code, enabling testing of the implementation of Action objects, as well as mappings, form beans, and forwards declarations.
DDSteps - A JUnit extension for building data driven test cases. Enables user to parameterize test cases, and run them more than once using different data. Uses external test data in Excel which is injected into test cases using standard JavaBeans properties. Test cases run once for each row of data, so adding new tests is just a matter of adding a row of data in Excel.
StrutsTestCase for JUnit - Open source extension of the standard JUnit TestCase class that provides facilities for testing code based on the Struts framework. Provides both a Mock Object approach and a Cactus approach to actually run the Struts ActionServlet, allowing testing Struts code with or without a running servlet engine. Because it uses the ActionServlet controller to test code, can test not only the implementation of Action objects, but also mappings, form beans, and forwards declarations. Since it already provides validation methods, it's quick and easy to write unit test cases.
JavaNCSS - A free Source Measurement Suite for Java by Clemens Lee. A simple command line utility which collects various source code metrics for Java. The metrics are collected globally, for each class and/or for each function.
Open Source Profilers for Java - Listing of about 25 open source code profilers for Java from 2006 from the Manageability.org web site.
SofCheck Inspector - Tool from SofCheck Inc. for analysis of Java for logic flaws and vulnerabilities. Explores all possible paths in byte code and detects flaws and vulnerabilities in areas such as: array index out of bounds, buffer overflows, race conditions, null pointer dereference, dead code, etc. Provides 100% path coverage and can report on values required for 100% unit test coverage. Patented precondition, postcondition and presumption reporting can help detect Malware code insertion.
CodePro Analytix - Free suite of Java tools from Google Java Developer Tools; an Eclipse-based Java software testing/analysis toolkit includes features like code audit, metrics, automated unit tests, code coverage, dependency analysis, similar code analysis, more.
Klocwork - Static analysis technology for Java, C, C++, C#; analyzes defects & security vulnerabilities, architecture & header file anomalies, metrics. Developers can run Klocwork in Eclipse or various other IDE's. Users can select scope of reporting as needed by selecting software component, defect type, and defect state/status.
Coverity Prevent - Tool from Coverity Inc. for analysis of Java source code for security issues. Explores all possible paths in source code and detects security vulnerabilities and defects in multiple areas: memory leaks, memory corruption, and illegal pointer accesses, buffer overruns, format string errors and SQL injections vulnerabilities, multi-threaded programming concurrency errors, etc.
GUIDancer - Eclipse-based tool from Bredex GmbH for automated testing of Java/Swing GUI's, Tests are specified, not programmed - no code or script is produced. Test specification is initially separate from the AUT, allowing test creation before the software is fully functional or available. Specification occurs interactively; components and actions are selected from menus, or by working with the AUT in an advanced "observation mode". Test results and errors viewable in a results view, can be saved as html or xml file.
CMTJava - Complexity measurement tool from Verifysoft GmbH. Includes McCabe cyclomatic complexity, lines-of-code metrics, Halstead metrics, maintainability index.
JavaCov - A J2SE/J2EE Coverage testing tool from Alvicom; specializes in testing to MC/DC (Modified Condition/Decision Coverage) depth. Capabilities include: Eclipse plugin; report generation into HTML and XML; Apache Ant integration and support for test automation.
Jameleon - Open source automated testing harness for acceptance-level and integration testing, written in Java. Separates applications into features and allows those features to be tied together independently, in XML, creating self-documenting automated test cases. These test-cases can then be data-driven and executed against different environments. Easily extensible via plug-ins; includes support for web applications and database testing.
Agitator - Automated java unit testing tool from Agitar Software. Creates instances of classes being exercised, calling each method with selected, dynamically created sets of input data, and analyzing results. Stores all information in XML files; works with Eclipse and a variety of IDEs. Also available are: automated JUnit generation, code-rule enforcement, and more.
PMD - Open source tool scans Java code for potential bugs, dead code, duplicate code, etc. - works with a variety of configurable and modifiable rulesets. Integrates with a wide variety of IDE's.
JLint - Open source static analysis tool will check Java code and find bugs, inconsistencies and synchronization problems by doing data flow analysis and building the lock graph.
Lint4j - A static Java source and byte code analyzer that detects locking and threading issues, performance and scalability problems, and checks complex contracts such as Java serialization by performing type, data flow, and lock graph analysis. Eclipse, Ant and Maven plugins available.
FindBugs - Open source static analysis tool to inspect Java bytecode for occurrences of bug patterns, such as difficult language features, misunderstood API methods, misunderstood invariants when code is modified during maintenance, garden variety mistakes such as typos, use of the wrong boolean, etc. Can report false warnings, generally less than 50%.
CheckStyle - Open source tool for checking code layout issues, class design problems, duplicate code, bug patterns, and much more.
Java Development Tools - Java coverage, metrics, profiler, and clone detection tools from Semantic Designs.
AppPerfect Test Studio - Suite of testing, tuning, and monitoring products for java development from AppPerfect Corp. Includes: Unit Tester, Code Analyzer, Java/J2EE Profiler and other modules.
Cactus - A simple open-source test framework for unit testing server-side java code (Servlets, EJBs, Tag Libs, Filters, etc.). Intent is to allow fine-grained continuous testing of all files making up an application: source code but also meta-data files (such as deployment descriptors, etc) through an in-container approach. It uses JUnit and extends it. Typically use within your IDE, or from the command line, using Ant. From Apache Software Foundation.
JUnitPerf - Allows performance testing to be dynamically added to existing JUnit tests. Enables quick composition of a performance test suite, which can then be run automatically and independent of other JUnit tests. Intended for use where there are performance/scalability requirements that need re-checking while refactoring code. By Mike Clark/Clarkware Consulting, licensed under the BSD License.
Abbot Java GUI Test Framework - Testing framework by Timothy Wall provides automated event generation and validation of Java GUI components, improving upon the very basic functions provided by the java.awt.Robot class. (Abbot = "A Better 'Bot'). The framework may be invoked directly from Java code or accessed without programming through the use of scripts via 'Costello', a script editor/recorder. Suitable for use both by developers for unit tests and QA for functional testing. Free - available under the GNU Lesser General Public License
JUnit - Open source framework to write repeatable java unit tests - a regression testing framework written by Erich Gamma and Kent Beck. For use by developers implementing unit tests in Java.
jfcUnit - Framework for developing automated testing of Java Swing-based applications at the UI layer (as opposed to testing at lower layers, for which JUnit may be sufficient). Provides recording and playback capabilities. Also available as plugins for JBuilder and Eclipse. Free Open Source Software from SourceForge site.
JBench - Freeware Java benchmarking framework to compare algorithms, virtual machines, etc. for speed. Available as binary distribution (including documentation), source distribution, or jar file.
Clover - Code coverage tool for Java from Atlassian. Fully integrated plugin for Eclipse, IntelliJ IDEA and projects using Apache ANT and Maven. View coverage data in XML, HTML, PDF, or via a Swing GUI. Tracks cyclomatic complexity. TestOptimization automatically prioritises just the tests needed to cover the particular changes made.
Structure101 - Java source code visualization tool from Headway Software. Lets user understand, measure, and control architecture, design, composition, and dependencies of code base. Analyzes byte code and shows all dependencies, at all levels and between all levels; method, class, package, application. Measures code complexity using a measurement framework called XS. For Windows, *nux, and Mac OS X. Also available are Restructure101 for refactoring and Structure101Build for enforcing architectures.
Java Tool Suite from Man Machine Systems - Includes JStyle, a Java source analyzer to generate code comments and metrics such as inheritance depth, Cyclomatic Number, Halstead Measures, etc; JPretty reformats Java code according to specified options; JCover test coverage analyzer; JVerify Java class/API testing tool uses an invasive testing model allowing access to internals of Java objects from within a test script and utilizes a proprietary OO scripting language; JMSAssert, a tool and technique for writing reliable software; JEvolve, an intelligent Java code evolution analyzer that automatically analyzes multiple versions of a Java program and shows how various classes have evolved across versions; can 'reason' about selective need for regression testing Java classes; JBrowser class browser; JSynTest, a syntax testing tool that automatically builds a Java-based test data generator.
JProbe Suite - Collection of Java debugging tools from Quest Software; includes JProbe Profiler and JProbe Memory Debugger for finding performance bottlenecks and memory leaks, LProbe Coverage code coverage tool, and JProbe Threadalyzer for finding deadlocks, stalls, and race conditions. JProfiler freeware version available.
Krakatau Professional for Java - Software metrics tool from Power Software includes more than 70 OO, procedural, complexity, and size metrics related to reusability, maintainability, testability, and clarity. Includes Cyclomatic Complexity, Enhanced Cyclomatic Complexity, Halstead Software Science metrics, LOC metrics and MOOD metrics. Is oriented to Class, Method and Interface level metrics. Has online advisor for quality improvement. Output as HTML or CSV. For Java and C++.
Jtest - ParaSoft's Jtest is an integrated, automatic unit testing and standards compliance tool for Java. It automatically generates and executes JUnit tests and checks whether code follows 400 coding standards and can automatically correct for many.
DevPartner Java Edition - Debugging/productivity tool from Microfocus (formerly from Compuware, formerly from NuMega) to detect and diagnose Java bugs and memory and performance problems; thread and event analysis, coverage analysis. Integrates with several Java IDE's.
TCAT/Java - Part of Software Research's TestWorks suite of test tools; code coverage analyzer and code analysis for Java; written in Java.
Open Source code analyzers listing - A listing of open source Java code analysis tools written in Java.
Open Source code coverage tools listing - A listing of open source Java code coverage tools written in Java.
Open Source Java test tools listing - A listing of open source tools and frameworks for Java testing, written in Java.
Open Source web test tools listing - A listing of open source web test tools and frameworks written in Java.
(Note: some other tools in these listings also handle testing, management, or load testing of java applets, servlets, and applications, or are planning to add such capabilities. Check listed web sites for current information.)