Archive for the ‘Security Tools’ Category

Security Ninja security tool announcement

Security Ninja blog: The tool is the result of me thinking about writing a tool to help people conduct security code reviews for over a year. I had conference presentations to prepare, certification exams to sit and, of course, a lot of conference speaking slots last year, which meant the tool idea had to go on the backburner. The benefit of having this idea going around in my head for so long is that I knew exactly what I wanted the tool to look like and how I wanted it to function before I (...)

HITB Ezine – Issue #002

HITB Magazine Vol. 1, Issue 2 (April 2010) has been released.
The people of Hack In The Box decided to make the ezine available for free in the continued spirit of HITB in "Keeping Knowledge Free". In addition to the freely available PDF downloads, combined editions of the magazine will be printed in limited quantities for distribution at the various HITBSecConfs around the world: Dubai, Amsterdam and Malaysia. We aim to only print somewhere between 100 and 200 copies (maybe less) per conference so (...)

OWASP Code Crawler v2.7 released

A tool aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/Java code. The aim of the tool is to accompany the OWASP Code Review Guide and to implement a total code review solution for "everyone".
Version 2.7
Removed unused references and objects
Reduced noise (.NET files)
Replaced the old scanning engine with a new multi-step engine (only Stage 1 is active in this release, for single-file scan only)
New DarkMoon IDE (...)

OpenSCAP v0.5.9 released

The OpenSCAP Project was created to provide the community with an open-source framework that enables integration with the Security Content Automation Protocol (SCAP) suite of standards and capabilities.
It is the goal of OpenSCAP to provide a simple, easy-to-use set of interfaces to serve as the framework for community use of SCAP.
Version 0.5.9
Builds on Windows (without probe support)
Better support on RHEL5
OVAL model validation functionality
OVAL and XCCDF XML file validation (...)

Xplico v0.5.6: VoIP (SIP & RTP) released

The goal of Xplico is to extract the application data contained in an Internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn't a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).
Xplico is released under the GNU General Public License.
Version 0.5.6
This version contains new and important features:
HTTP (...)

Sandcat v4.0 released

Sandcat allows web administrators to perform aggressive and comprehensive scans of an organization's web server to isolate vulnerabilities and identify security holes. The Sandcat scanner requires only basic inputs, such as host names, start URLs and port numbers, to scan a complete web site and test all of its web applications for security vulnerabilities.
Version 4.0
Fast and ultra-fast scans: Sandcat 4 provides significantly faster scans (500+ requests/sec when running against a common web server (...)

fuzzdb v1.05 – Attack and Discovery Pattern Database

A comprehensive set of fuzzing patterns for discovery and attack during highly targeted brute-force testing of web applications.
Fuzzdb is a comprehensive set of known attack pattern sequences to be used for intelligent brute-force testing in order to rapidly identify exploitable conditions in new applications.
Primary sources used for attack pattern research:
Researching old web exploits for repeatable attack strings
Scraping scanner patterns from HTTP logs
Various books, (...)

ReFrameworker v1.1 (Managed Code Rootkit) – released

A Managed Code Rootkit (MCR) is a special type of malicious code that is deployed inside an application-level virtual machine, such as those employed by managed code environment frameworks (Java, .NET, Dalvik, Python, etc.).
Having full control of the managed code VM allows the MCR to lie to the upper-level application running on top of it and to manipulate the application's behavior to perform tasks not originally intended by the software developer.
ReFrameworker is a general purpose (...)

[PDF] OWASP Top 10 for 2010 Final Version

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.
The OWASP Top 10 Web Application Security Risks for 2010 are:
A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: (...)

Ubuntu Pentest Edition v2.03 released

Ubuntu Pentest Edition is a GNOME-based Linux distribution designed as a complete system which can also be used for penetration testing. Ubuntu Pentest Edition has a big repository of software (the Ubuntu repositories) and high customization possibilities. The system is made in a way that you can configure it to suit your needs.
Ubuntu Pentest Edition comes with around 300 tools for penetration testing and a set of basic services which are needed in penetration testing. We are also preparing a repository of (...)