Bonsai is a company which considers Open Source and research to be its cornerstones. In the vulnerability research sector, Bonsai focuses on the detection of new vulnerabilities in Software and Hardware products, as well as in the research of new attack vectors in Web applications. The vulnerabilities reported by Bonsai can be found here.
- w3af - Web Application Attack and Audit Framework, is a tool for vulnerability discovery and exploitation in Web applications, developed by Andrés Riancho together with worldwide contributors.
- untidy is an XML multi-purpose fuzzer. By using the tool you can find vulnerabilities in any software using XML, such as OpenOffice, Web Services and Browsers.
- moth is a VMware image with a set of vulnerable Web Applications and scripts, that you may use for testing web application tools and teaching web application security.