10 Open Source Vulnerability Scan Tools for Small Businesses

Introduction

As cyber threats evolve, small and medium-sized businesses (SMBs) face a critical challenge: the urgent need for effective cybersecurity measures. Alarmingly, 51% of these enterprises lack any cybersecurity protocols, leaving them vulnerable to potentially devastating data breaches. This article delves into ten open-source vulnerability scanning tools specifically designed to empower SMBs, equipping them with essential resources to identify and mitigate risks. How can these tools not only protect businesses but also enhance their overall security posture in an increasingly digital landscape?

By exploring these tools, SMBs can take proactive steps towards safeguarding their data and ensuring their operations remain secure. It's time to consider how these solutions can fit into your cybersecurity strategy.

Value Aligners: AI-Powered Cybersecurity Solutions for SMBs

Value Aligners harnesses the power of AI technology to connect small and medium-sized enterprises (SMEs) with customized cybersecurity solutions. By simplifying the complex landscape, the platform empowers organizations to make informed decisions that bolster their defenses. Key features include:

  • a partner network, which fosters connections with like-minded partners
  • a knowledge base that keeps businesses updated on emerging threats and compliance requirements
  • expert guidance, ensuring that small and medium-sized businesses can effectively navigate the intricacies of cybersecurity, enhancing their overall protection stance.

Recent trends show that AI is transforming the cybersecurity landscape for SMBs, with 57% of organizations identifying AI as a key enabler. Yet, only 37% of companies assess the tools they employ, revealing a significant gap in security practices. The adoption of AI not only streamlines security processes but also greatly enhances effectiveness; professional cybersecurity measures can lower attack success rates by over 90%. Furthermore, this is critical, as 51% of small enterprises lack any cybersecurity measures, making them particularly vulnerable to attacks.

Successful applications of AI-driven partner matching have illustrated how small and medium-sized businesses can strengthen their security posture. By utilizing intelligent partner matching, businesses gain access to the most relevant tools and resources, ensuring they are ready to tackle the evolving threat landscape. As cybercriminals increasingly leverage AI technologies, the demand for robust, tailored cybersecurity solutions has never been more urgent. Value Aligners is at the forefront of this shift, equipping SMBs with the essential tools they need to succeed in a digital-first world.

The central node represents the main theme, while branches show key features and statistics. Each color-coded branch helps you quickly identify different aspects of the cybersecurity landscape for SMBs.

Nessus: Comprehensive Vulnerability Scanning Tool

Nessus, developed by Tenable, is a powerful scanning tool designed to identify vulnerabilities across networks, systems, and applications. Its deep scanning capabilities are bolstered by a comprehensive flaw database, which includes crucial updates and patches for known weaknesses. For instance, recent updates have addressed a critical vulnerability, which allows non-admin users to elevate privileges to SYSTEM level. This underscores the tool's vital role in maintaining cybersecurity.

Small businesses, often facing significant security challenges, can greatly benefit from Nessus's tailored assessments. These allow organizations to tailor their assessments to specific needs, ensuring they can effectively prioritize vulnerabilities based on their unique risk profiles. In 2025, the average cost of a data breach reached $120,000, highlighting the financial imperative for proactive security measures.

Real-world examples demonstrate Nessus's effectiveness in enhancing security. Organizations that have implemented Nessus report improved security posture and a reduction in security incidents. For example, companies conducting regular vulnerability assessments have seen a 70% decrease in employee errors related to cybersecurity, thanks to the insights gained from thorough scanning.

Experts emphasize the necessity of comprehensive vulnerability management tools, such as Nessus. Cybersecurity professionals recommend regular use of scanning tools, highlighting their importance in identifying and mitigating risks before they can be exploited. With features specifically designed for small businesses, Nessus not only streamlines the risk management process but also empowers organizations to effectively manage their security.

The central node represents Nessus, while the branches show its key features and benefits. Each sub-branch provides more detail, helping you understand how Nessus contributes to cybersecurity.

QualysGuard: Cloud-Based Vulnerability Management

QualysGuard offers a robust cloud-based solution for businesses, empowering organizations to gain real-time insights into their security posture. With features like automated scanning, continuous monitoring, and comprehensive reporting, QualysGuard leverages technology to enable businesses to proactively identify and address vulnerabilities, ensuring compliance with industry standards. In 2025, advancements in automation will make automated scanning particularly beneficial for small and medium-sized enterprises, streamlining the vulnerability management process. This allows companies to focus on growth while maintaining a strong security framework.

Consider the real-world impact of QualysGuard: many small and medium-sized businesses have effectively leveraged the platform to bolster their cybersecurity defenses, showcasing its value in navigating complex regulatory environments. Industry leaders stress that adopting advanced tools not only reduces risks but also cultivates a culture of security awareness within organizations. As the cybersecurity landscape continues to evolve, QualysGuard stands out as an essential resource for small and medium-sized businesses looking to protect their operations and sustain a competitive edge.

The central node represents QualysGuard, while the branches show its features, benefits, and real-world impacts. Each color-coded branch helps you easily identify different aspects of the solution.

OpenVAS: Open Source Vulnerability Assessment System

OpenVAS (Open Vulnerability Assessment System) is a powerful, free, and open-source scanner tailored for small businesses. Its versatility shines through with support for both authenticated and unauthenticated testing, allowing organizations to identify and address vulnerabilities efficiently without incurring hefty costs.

For SMBs, the cost savings from using OpenVAS can be significant. By leveraging this open-source tool, companies can avoid the expenses often associated with commercial scanners while still achieving effective security. Regular use of OpenVAS not only helps in meeting industry standards but also fosters a proactive approach to security, reducing the chances of costly data breaches.

Consider the real-world impact of OpenVAS. Many SMBs have successfully integrated it into their cybersecurity strategies, utilizing its extensive threat coverage to enhance their defenses. For instance, organizations in the Information Technology and Services sector, which represent 26% of OpenVAS users, have reported improved visibility into their risks, enabling them to prioritize remediation efforts effectively.

Cybersecurity experts recognize the importance of vulnerability scanning tools, including options like OpenVAS. As one specialist noted, integrating these tools into standard security practices is essential for identifying potential vulnerabilities before they can be exploited. This proactive strategy significantly boosts an organization's ability to detect threats and maintain a strong security posture.

Furthermore, it's crucial for organizations to understand the roles of CISA and NIST in bolstering cybersecurity efforts. These agencies provide standardized alerts and funding for high-risk sectors, which can be invaluable for SMBs looking to enhance their security measures. Additionally, compliance certifications like ISO 27001 are essential for demonstrating adherence to industry standards, underscoring the need for tools like OpenVAS.

In conclusion, OpenVAS emerges as a valuable resource for organizations aiming to strengthen their cybersecurity defenses. Its robust capabilities, combined with the backing of a strong community and endorsements from regulatory bodies like CISA and NIST, make it an excellent choice for organizations navigating the complexities of risk management.

The central node represents OpenVAS, while the branches show different benefits and aspects of using this tool. Each branch helps you understand how OpenVAS supports SMBs in enhancing their cybersecurity.

Rapid7 InsightVM: Real-Time Vulnerability Management

Rapid7 InsightVM provides SMBs with insights into vulnerabilities across their networks, significantly enhancing their security posture. One standout feature is its real-time monitoring, which allows organizations to consistently assess their security posture, ensuring that no vulnerabilities are overlooked. This capability is crucial, especially considering that many vulnerabilities in 2025 were rated High or Critical, highlighting the urgent need for effective risk prioritization.

The platform's dashboard enables SMBs to focus on the most critical vulnerabilities first, streamlining their remediation process. Additionally, reports empower businesses to visualize their security status and effectively track remediation efforts. For instance, a small healthcare provider recently utilized InsightVM to identify and address vulnerabilities in their legacy systems, resulting in a 30% reduction in overall risk exposure.

Cybersecurity experts emphasize the importance of vulnerability management for SMBs, noting that it not only aids in identifying vulnerabilities but also enhances compliance with regulations like GDPR and HIPAA. As organizations face increasing cyber threats, leveraging tools such as Rapid7 InsightVM is essential for maintaining a robust defense and ensuring timely responses to emerging risks.

Are you ready to take your cybersecurity to the next level? Consider how InsightVM can help you safeguard your business.

The central node represents the software, while branches show its key features and their benefits. Follow the branches to understand how each feature enhances cybersecurity for SMBs.

Acunetix: Web Application Security Scanner

Acunetix serves as an automated tool, adept at identifying vulnerabilities and cross-site scripting. Its proof-based scanning technology provides users with precise results, allowing them to effectively secure their web applications.

But how can businesses improve security? By leveraging platforms such as cloud services, which offers comprehensive solutions and support, businesses can enhance their security posture. This integration of advanced features not only helps safeguard web applications but also provides valuable insights.

Imagine making informed decisions that empower your business to thrive in a competitive landscape. With the right tools, small and medium-sized businesses can achieve robust security. Are you ready to take the next step in securing your web applications?

Nmap: Versatile Network Scanning Tool

Nmap (Network Mapper) is a powerful tool designed for network exploration and auditing, and it is among the best vulnerability scanning tools. It’s an essential resource for small businesses looking to enhance their cybersecurity. By helping SMBs identify hosts and services within their networks, Nmap, as one of the leading tools, provides crucial insights into potential vulnerabilities, ultimately improving overall security.

Recent updates to Nmap have made it even more user-friendly. With new features that simplify the user interface, it’s now accessible to users with varying levels of technical expertise. For example, the addition of AI-driven functionalities allows for automated scanning based on real-time inquiries. This is particularly beneficial for organizations that may not have dedicated IT resources.

Real-world applications of Nmap showcase its effectiveness in strengthening cybersecurity. Many small businesses have successfully used Nmap as one of their primary tools to conduct thorough network evaluations, identifying vulnerabilities that cybercriminals could exploit. Take, for instance, a small retail firm that used Nmap to uncover exposed devices on their network. This led to the implementation of enhanced protective measures, significantly reducing their risk of attacks.

Cybersecurity professionals stress the importance of tools like Nmap. They point out that effective network mapping is vital for maintaining a strong defense, especially since 60% of small businesses experience cyberattacks. By regularly using Nmap, SMBs can proactively manage their network security and mitigate risks associated with external threats.

The benefits of using Nmap extend beyond just threat detection; it also aids in network management by ensuring that all networked devices are accounted for and secured. As small businesses increasingly recognize the need for comprehensive cybersecurity strategies, tools like Nmap become indispensable in their efforts to protect sensitive information.

The central node represents Nmap, while the branches illustrate its various aspects. Each color-coded branch helps you see how different features and applications relate to the overall goal of enhancing cybersecurity for SMBs.

Burp Suite: Web Application Security Testing Tool

Burp Suite is a web application security testing tool, designed to help businesses identify vulnerabilities. With features like an intercepting proxy, a security scanner, and comprehensive reporting tools, it stands out as a solution for organizations aiming to secure their web applications.

Have you ever wondered how secure your web applications really are? Vulnerabilities exist that could be exploited by malicious actors. By utilizing its robust capabilities, businesses can proactively address security concerns before they become critical issues.

In addition to its core functionalities, Burp Suite offers a user-friendly interface that simplifies the testing process. This makes it easier for teams, regardless of their technical expertise, to engage in effective security testing. By integrating this tool into your workflow, you not only enhance security but also foster a culture of security awareness within your organization.

Ultimately, investing in Burp Suite is a step towards improved cybersecurity. Don't wait for a breach to occur; take action now to protect your web applications and ensure your customers' trust.

ZAP: Open Source Web Application Security Scanner

OWASP ZAP (Zed Attack Proxy) is one of the best tools that is free and designed to identify weaknesses in web applications. With its user-friendly interface and extensive features, it stands out as an excellent choice for businesses looking to enhance security without incurring significant costs.

For small business owners, the question arises: how can you ensure application security? Integrating tools like ZAP with cybersecurity solutions offers an effective strategy. Value Aligners not only enhances protection through proactive measures but also guarantees compliance. This combination enables businesses to mitigate risks while developing more intelligently.

In addition, consider the potential risks your business faces online. By leveraging ZAP alongside Value Aligners and utilizing best practices, you can proactively identify vulnerabilities and stay ahead of threats. This approach not only secures your applications but also fosters trust with your customers, who value their data security.

Ultimately, investing in tools like OWASP ZAP and AI-driven solutions is not just about compliance; it's about building a resilient digital presence. Take action today to protect your business and ensure a safer online environment.

The central node represents OWASP ZAP, while the branches show how it connects to various aspects of web security, including AI integration and risk management. Each sub-branch provides more detail on these strategies.

Core Impact: Penetration Testing Tool for Security Assessment

Core Impact is a powerful tool that empowers teams to simulate and assess their defensive posture. With features like real-time testing, customizable scenarios, and a certified exploit library, it enables organizations to proactively identify weaknesses and bolster their defenses.

Why is simulating real-world assaults so crucial? These practices are essential for understanding potential threats and enhancing overall protective measures. For instance, a midsized healthcare firm that implemented Core Impact saw a remarkable 42% reduction in vulnerabilities within just six months of increasing their testing frequency. This example underscores the tool's effectiveness in real-world applications, particularly for SMBs navigating complex risk environments.

Recent updates to Core Impact have further amplified its capabilities, making it an invaluable resource for businesses striving to stay ahead of evolving threats. By focusing on practical, actionable insights, Core Impact not only aids organizations in meeting compliance standards but also fortifies their security posture against increasingly sophisticated attacks.

Are you ready to take your cybersecurity to the next level? With Core Impact, you can enhance your defenses and protect your business from potential threats.

The central node represents Core Impact, while the branches show its features, importance, effectiveness, and updates. Each branch connects to specific details, helping you understand how this tool enhances cybersecurity.

Conclusion

The landscape of cybersecurity for small and medium-sized businesses (SMBs) is changing rapidly, making it essential to adopt effective vulnerability scanning tools. This article highlights ten open-source vulnerability scan tools that not only bolster security measures but also empower SMBs to proactively manage risks. By leveraging these tools, businesses can significantly lower their vulnerability to cyber threats while ensuring compliance with industry standards.

Key tools such as:

  1. Nessus
  2. QualysGuard
  3. OpenVAS
  4. Rapid7 InsightVM

stand out for their unique features and benefits. Each tool provides tailored solutions, from comprehensive vulnerability management to real-time insights, enabling organizations to prioritize their cybersecurity efforts effectively. Moreover, the integration of AI-powered solutions, like Value Aligners, enhances the potential of these tools by offering customized support and market insights, allowing SMBs to navigate the complexities of cybersecurity with confidence.

Investing in these vulnerability scanning tools is not just a precaution; it’s a strategic move that can strengthen a business's defenses against an increasingly hostile cyber environment. As cyber threats continue to evolve, small and medium-sized enterprises must prioritize their cybersecurity strategies and utilize available resources to protect their assets and maintain customer trust.

So, why wait? Taking action now to implement these tools will not only enhance security but also pave the way for sustainable growth and resilience in the digital age. Are you ready to fortify your defenses and secure your business's future?

Frequently Asked Questions

What is Value Aligners and how does it assist SMBs?

Value Aligners is an AI-powered platform that connects small and medium-sized enterprises (SMEs) with customized cybersecurity solutions. It simplifies the cybersecurity landscape, enabling organizations to make informed decisions to enhance their defenses.

What are the key features of Value Aligners?

Key features include AI-powered partner matching for connecting with like-minded partners, real-time market insights on emerging threats and compliance, and 24/7 professional support for navigating cybersecurity complexities.

Why is AI important in the cybersecurity landscape for SMBs?

AI is transforming cybersecurity by improving the effectiveness of security measures. It streamlines security processes and can lower attack success rates by over 90%, addressing the significant cybersecurity concerns faced by SMBs.

What percentage of small enterprises lack cybersecurity measures?

51% of small enterprises lack any cybersecurity measures, making them particularly vulnerable to attacks.

What is Nessus and what is its primary function?

Nessus is a comprehensive vulnerability scanning tool developed by Tenable that identifies vulnerabilities across networks, systems, and applications to maintain robust security protocols.

How does Nessus benefit small businesses?

Nessus offers customizable reporting features that allow small businesses to tailor assessments to their specific needs, helping them prioritize vulnerabilities based on their unique risk profiles.

What are the financial implications of data breaches for small businesses?

In 2025, the average cost of a data breach for small businesses reached $120,000, highlighting the need for proactive security measures.

What impact has Nessus had on organizations using it?

Organizations that implement Nessus report improved vulnerability management and a 70% decrease in employee errors related to cybersecurity due to the insights gained from thorough scanning.

What is QualysGuard and what does it offer?

QualysGuard is a cloud-based vulnerability management solution that provides real-time insights into security posture, automated scanning, continuous monitoring, and comprehensive reporting for small and medium enterprises.

How does QualysGuard help SMBs with compliance?

QualysGuard enables businesses to proactively identify and address vulnerabilities, ensuring compliance with industry standards and navigating complex regulatory environments.

Why is adopting advanced tools like QualysGuard important for SMBs?

Adopting advanced tools reduces risks and fosters a culture of security awareness within organizations, helping them protect their operations and maintain a competitive edge.

List of Sources

  1. Value Aligners: AI-Powered Cybersecurity Solutions for SMBs
    • connectwise.com (https://connectwise.com/resources/state-of-smb-cybersecurity)
    • Latest AI-Powered Cybersecurity News Today | Trends, Predictions, & Analysis (https://forbes.com/topics/ai-cybersecurity)
    • Cyber Readiness for Small Businesses: Gen AI Is Both Your Greatest Ally and Scariest Threat - Cyber Readiness Institute (https://cyberreadinessinstitute.org/news-and-events/cyber-readiness-for-small-businesses-gen-ai-is-both-your-greatest-ally-and-scariest-threat)
    • 35 Alarming Small Business Cybersecurity Statistics for 2026 | StrongDM (https://strongdm.com/blog/small-business-cyber-security-statistics)
    • networkdr.com (https://networkdr.com/cybersecurity/ai-cyberattacks-smb-losses-2025-protect)
  2. Nessus: Comprehensive Vulnerability Scanning Tool
    • qualysec.com (https://qualysec.com/small-business-cyber-attack-statistics)
    • High-severity Tenable vulnerability scanner bugs fixed (https://scworld.com/brief/high-severity-tenable-vulnerability-scanner-bugs-fixed)
    • infosecurity-magazine.com (https://infosecurity-magazine.com/news/tenable-fixes-flaws-nessus)
    • High-Severity Vulnerabilities Patched in Tenable Nessus Agent (https://securityweek.com/high-severity-vulnerabilities-patched-in-tenable-nessus-agent)
    • Critical Nessus Vulnerability CVE-2025-36630 Allows SYSTEM File Overwrites on Windows | Patch Now (https://webasha.com/blog/critical-nessus-vulnerability-cve-2025-36630-allows-system-file-overwrites-on-windows-patch-now?ref=blog.valuealigners.com)
  3. QualysGuard: Cloud-Based Vulnerability Management
    • 50+ Cloud Security Statistics in 2026 (https://sentinelone.com/cybersecurity-101/cloud-security/cloud-security-statistics)
    • ROCon Houston 2025: Qualys Expands Enterprise TruRisk Management (ETM) with Built-in Agentic AI Fabric to Include Identity Security, Industry-Specific Threat Prioritization, and Exploit Validation (https://prnewswire.com/news-releases/rocon-houston-2025-qualys-expands-enterprise-trurisk-management-etm-with-built-in-agentic-ai-fabric-to-include-identity-security-industry-specific-threat-prioritization-and-exploit-validation-302584266.html)
    • 7 SMB Cybersecurity Statistics for 2026 | NinjaOne (https://ninjaone.com/blog/smb-cybersecurity-statistics)
    • sprinto.com (https://sprinto.com/blog/cloud-security-statistics)
  4. OpenVAS: Open Source Vulnerability Assessment System
    • gorilla360.co.uk (https://gorilla360.co.uk/nessus-vs-openvas-vs-qualys-leading-vulnerability-management-tools-in-2025)
    • onlinehashcrack.com (https://onlinehashcrack.com/guides/security-tools/openvas-2025-enterprise-vulnerability-scanner.php)
    • Open Source Vulnerability Scanner Market Size Report 2035 (https://researchnester.com/reports/open-source-vulnerability-scanner-market/7571)
    • 12 popular vulnerability scanning tools in 2025 | Red Canary (https://redcanary.com/cybersecurity-101/security-operations/vulnerability-scanning-tools)
    • OpenVAS commands 0.3% market share in Network Security (https://enlyft.com/tech/products/openvas)
  5. Rapid7 InsightVM: Real-Time Vulnerability Management
    • Vulnerability Management Statistics 2026 | Trends, Insights & Key Data (https://comparecheapssl.com/vulnerability-management-statistics-key-insights-trends)
    • Vulnerabilities Statistics 2025: Record CVE Surge (https://deepstrike.io/blog/vulnerability-statistics-2025)
    • 7 SMB Cybersecurity Statistics for 2026 | NinjaOne (https://ninjaone.com/blog/smb-cybersecurity-statistics)
    • solutionsreview.com (https://solutionsreview.com/cybersecurity-awareness-month-quotes-and-commentary-from-industry-experts-in-2025)
  6. Acunetix: Web Application Security Scanner
    • qualysec.com (https://qualysec.com/small-business-cyber-attack-statistics)
    • 7 SMB Cybersecurity Statistics for 2026 | NinjaOne (https://ninjaone.com/blog/smb-cybersecurity-statistics)
    • Top 5 Web Application Security Tools You Must Use in 2025 - SSBCrack News (https://news.ssbcrack.com/web-application-security-tools)
    • 35 Alarming Small Business Cybersecurity Statistics for 2026 | StrongDM (https://strongdm.com/blog/small-business-cyber-security-statistics)
    • Must-Know Small Business Cybersecurity Statistics for 2026 (https://bdemerson.com/article/small-business-cybersecurity-statistics)
  7. Nmap: Versatile Network Scanning Tool
    • 7 SMB Cybersecurity Statistics for 2026 | NinjaOne (https://ninjaone.com/blog/smb-cybersecurity-statistics)
    • 205 Cybersecurity Stats and Facts for 2026 (https://vikingcloud.com/blog/cybersecurity-statistics)
    • New Kali Tool llm-tools-nmap Uses Nmap For Network Scanning Capabilities (https://teamwin.in/new-kali-tool-llm-tools-nmap-uses-nmap-for-network-scanning-capabilities)
    • 35 Alarming Small Business Cybersecurity Statistics for 2026 | StrongDM (https://strongdm.com/blog/small-business-cyber-security-statistics)
    • qualysec.com (https://qualysec.com/small-business-cyber-attack-statistics)
  8. Burp Suite: Web Application Security Testing Tool
    • PortSwigger’s Burp AI Recognized as Leading AI Tool in HackerOne’s Latest Security Report (https://businesswire.com/news/home/20251010781297/en/PortSwiggers-Burp-AI-Recognized-as-Leading-AI-Tool-in-HackerOnes-Latest-Security-Report)
    • Hacking Web Applications with the New AI Features in Burp Suite (https://trustfoundry.net/2025/03/03/burpsuites-new-ai-features-are-they-as-ai-mazing-as-they-sound-2)
    • gbhackers.com (https://gbhackers.com/burp-suite-2025-1-released-whats-new)
    • The year so far: How Burp Suite DAST is leveling up enterprise security in 2025 (https://portswigger.net/blog/the-year-so-far-how-burp-suite-dast-is-leveling-up-enterprise-security-in-2025)
  9. ZAP: Open Source Web Application Security Scanner
    • zaproxy.org (https://zaproxy.org/blog/2025-10-01-zap-updates-september-2025)
    • zaproxy.org (https://zaproxy.org/blog)
    • Top 5 Web Security Scanners in 2025: Protect Your Digital Assets (https://dev.to/freedom-coder/top-5-web-security-scanners-in-2025-protect-your-digital-assets-53a5)
    • Cyber Attacks on Small Businesses (2025): Survival Guide (https://deepstrike.io/blog/cyber-attacks-on-small-businesses)
    • Security Testing in 2025: AI, Cloud Native, and More (https://mend.io/blog/security-testing-in-2025-testing-apps-ai-cloud-native-and-more)
  10. Core Impact: Penetration Testing Tool for Security Assessment
  • 83 Penetration Testing Statistics: Key Facts and Figures (https://getastra.com/blog/security-audit/penetration-testing-statistics)
  • 86 Penetration Testing Statistics: Key Facts and Figures (https://deepstrike.io/blog/penetration-testing-statistics-2025)
  • coresecurity.com (https://coresecurity.com/blog/core-impact-quarterly-chronicle-exploits-and-updates-q2-2025)
  • Penetration testing statistics, vulnerabilities and trends in 2026 – Cyphere (https://thecyphere.com/blog/penetration-testing-statistics)
  • Core Security Unveils IMPACT Pro v9 Pen-Testing Software (https://darkreading.com/cybersecurity-analytics/core-security-unveils-impact-pro-v9-pen-testing-software)