Best IT Security Tools & Software: Rewind & Past 2009. http://www.security-database.com




Nabil OUCHN, CEO & Founder. Maximiliano SOLER, ToolsWatch Process Leader. http://www.security-database.com

The year 2009 was very intense, full of emotions, sadness, sorrow and conflict. The world as we knew it, or at least as our parents knew it, is changing very fast and unfortunately not in the right direction. The very bad economic situation, the stinking religious conflicts, the riots and wars, the rise of radical extremists and the policy of fear that governments feed us are pushing this earth towards an excruciating end. But instead of talking about politicians and the immature, childish job they are doing, spreading fear, making the wrong choices (as usual), wasting taxpayers' money and time, and dumping people into poverty, we'd rather focus on enumerating the great software and tools we have seen this year. So, we are happy that 2009 is finally over and we expect the best for 2010.

Scoring criteria

We conducted this new survey on the basis of a set of criteria, as we did two years before. Since the last survey (2007), we have added three new criteria: community support, documentation and popularity (Twitter followers).

Criteria and comments:

Audience - Each tool has its target audience.
Community Support - The tool has a community version with support and the appropriate documentation.
Documentation - All documentation is easy to read and to understand, and at least written in English. Wiki, blogs and other collaborative support are a must.
Features - Built-in and plug-in functionalities, capabilities, use of APIs, interoperability with other systems.
Maintenance - Frequency of bug fixing, new releases, nightly builds, beta testing.
Popularity - The popularity of the tool among the community: Twitter followers, and the average number of visits and downloads based on our statistics for the year 2009.
Reporting - Support for charts, dashboards, and exporting to multiple formats (HTML, XML, PDF).
Standards, Metrics & Open Standards - The ability of the tool to map findings to compliance requirements, standards and open standards, or to score vulnerabilities / risks with metrics. Standards and metrics could be: CVE, CVSS, CWE, CPE, CCE, OVAL, SCAP, CAPEC, ISO 2700x, NIST, PCI DSS...
Updates - Frequency of updates: adding new features and new plug-ins, updating the vulnerability database, updating techniques.

Open Source & Free Utilities

Each category lists: Winner / Excellent / Recommended (Promising). A dash means no tool was named for that column.

Penetration Tests and Ethical Hacking
Information Gathering: Maltego / Binging / -
Network Scanners and Discovery: Nmap v5 / Netifera / Angry IP Scanner, AutoScan
Vulnerability Scanners: Nessus / OpenVAS / NeXpose
Application Scanners: W3AF / Samurai WTF / Nikto
Exploitation Frameworks: Metasploit v3 / Exploit DB website / -
Wireless Hacking: OSWA / AirCrack-NG suite / AiroScript-NG
Live CDs: BackTrack 4 / Katana / Matriux

Security Assessment
Windows Auditing: OVAL Interpreter / Nessus local plug-ins / Sysinternals tools
Unix Auditing: Lynis / CIS Scoring tools / OpenSCAP
Firewall & Filtering Devices: None / None / None
Application Assessment: BurpSuite / WebSecurify / CAT (The Manual Web Application Audit tool)
Wireless Auditing: OSWA / Kismet / Inssider, Kismac
Forensics: CAINE / Mobius, Process Hacker / Netwitness Free Edition
Datamining / Logs Management: Splunk community release / Dradis / -
IT Management: SpiceWorks / Paglo IT / -
Code Analysis: RATS / Graudit / MS CAT.NET
Password Analysis: Cain & Abel / John The Ripper / OphCrack
Database Auditing: DB Audit Free Edition / Pangolin / SQLMap, Wapiti
VoIP / Telephony Auditing: VAST / Viper / WarVox

Commercial Software

Vulnerability Management: Tenable Nessus ProFeed / WebSaint, NeXpose Enterprise / -
Application Security Assessment: Acunetix, N-Stalker / IBM AppScan / Netsparker
Patch Management: GFI LANguard NSS / Lumension EndPoint / -
Penetration Testing and Exploitation: Core Impact / SaintExploit / -

Links and References

Open Source & Free Utilities
Maltego: http://www.paterva.com/web4/index.php/maltego
Binging: http://www.blueinfy.com
Nmap: http://www.nmap.org
Netifera: http://netifera.com
AutoScan: http://autoscan-network.com
Angry IP Scanner: http://www.angryip.org
Nessus: http://www.nessus.org
NeXpose: http://community.rapid7.com
OpenVAS: http://www.openvas.org
W3AF: http://w3af.sourceforge.net
Metasploit: http://www.metasploit.org
Samurai WTF: http://samurai.inguardians.com
Nikto: http://cirt.net/nikto2
Exploit DB: http://www.exploit-db.com
OSWA: http://securitystartshere.org/page-training-oswa.htm
AirCrack-NG Suite: http://www.aircrack-ng.org
AiroScript-NG: http://airoscript.aircrack-ng.org
BackTrack 4: http://www.remote-exploit.org
Katana: http://www.hackfromacave.com/katana.html
Matriux: http://www.matriux.com
OVAL Interpreter: http://oval.mitre.org
Sysinternals suite: http://technet.microsoft.com/sysinternals
Lynis: http://www.rootkit.nl
CIS Scoring tools: http://www.cisecurity.org
OpenSCAP: http://www.open-scap.org
BurpSuite: http://portswigger.net
Websecurify: http://www.websecurify.com
CAT (The Manual Web Application Audit tool): http://cat.contextis.co.uk
Kismet: http://www.kismetwireless.net
Kismac: http://kismac-ng.org
Inssider: http://www.metageek.net/products/inssider
CAINE: http://www.caine-live.net
Mobius Forensics Toolkit: http://freshmeat.net/projects/mobiusft
Process Hacker: http://processhacker.sourceforge.net
Netwitness Free Edition: http://www.netwitness.com
Splunk Community: http://www.splunk.com
Dradis: http://dradisframework.org
Spiceworks Community: http://www.spiceworks.com
Paglo IT: http://paglo.com
RATS: http://www.fortify.com
Graudit: http://www.justanotherhacker.com
OWASP Code Crawler: http://www.owasp.org
Cain & Abel: http://www.oxid.it
OphCrack: http://ophcrack.sourceforge.net
John the Ripper: http://www.openwall.com/john
DB Audit Free Edition: http://www.softtreetech.com
Pangolin: http://www.nosec.org
SQLMap: http://sqlmap.sourceforge.net
Wapiti: http://wapiti.sourceforge.net
VAST / Viper: http://vipervast.sourceforge.net
WarVox: http://warvox.org

Commercial Software
Tenable Nessus ProFeed: http://nessus.org/products/professional-feed/
WebSaint: http://www.saintcorporation.com
NeXpose Enterprise: http://www.rapid7.com/
Acunetix: www.acunetix.com/
N-Stalker: http://www.nstalker.com/
IBM AppScan: http://www-01.ibm.com/software/awdtools/appscan/
NetSparker: http://www.mavitunasecurity.com/
GFI LANguard: http://www.gfi.com/languard/
Lumension EndPoint: http://www.lumension.com
Core Impact: http://www.coresecurity.com/
SaintExploit: http://www.saintcorporation.com

Security news in brief

Return of the L0pht industry:
http://www.security-database.com/toolswatch/the-famous-l0pht-comis-up-and.html
http://www.security-database.com/toolswatch/l0phtcrack-is-backwith-a-new.html
VoIPScanner, the first VoIP scanner as a service:
http://www.security-database.com/toolswatch/voipscanner-com-the-First-VoIP.html
Rapid7 acquires Metasploit:
http://www.rapid7.com/metasploit-announcement.jsp
Nmap v5.0 released:
http://nmap.org/5/
Metasploit 3.x, the best exploitation framework:
http://blog.metasploit.com/2009/11/metasploit-framework-33-released.html
The attack of Conficker:
http://www.security-database.com/toolswatch/scanners-and-utilitiesto-detect.html
http://www.security-database.com/detail.php?alert=cve-2008-4250
SARA project retired:
http://www.security-database.com/toolswatch/sara-project-retired-Last-release.html
Nessus turns to the web with version 4.2:
http://blog.tenablesecurity.com/2009/11/nessus-42-released.html
OWASP Guide v3.0 released:
http://www.owasp.org/index.php/owasp_testing_guide_v3_table_of_contents
CWE/SANS Top 25 most dangerous programming errors:
http://www.security-database.com/toolswatch/cwe-sans-top-25-Most-Dangerous.html

The idiot move: Nipper the dog is retired from SourceForge.
http://sourceforge.net/projects/nipper/

The smart move: Keeping Metasploit open source, and even adding support for NeXpose from Rapid7.
http://blog.metasploit.com/2009/12/metasploit-331-nexpose-community.html

Security hoax: The death of str0ke from milw0rm.
http://www.security-database.com/toolswatch/+rip-str0ke-milw0rm+.html
http://twitter.com/str0ke

The worst and most shameless Internet innovation: And the winner is France, for the HADOPI law.
http://en.wikipedia.org/wiki/hadopi_law
http://www.laquadrature.net/
http://www.korben.info/ipredator-la-solution-100-anti-hadopi.html
http://www.partipirate.org/blog/index.php

Big Brother project of the year: And the winner is France, for the HADOPI law.