The Glider

Posted in Security Tools, Tools on April 9th, 2010 by SecurityDatabase

The Security Auditor's Research Assistant (SARA) is a third generation network security analysis tool that that has been available and actively updated for over 10 years. Sadly, all good things have to come to an end and so it goes for SARA. SARA 7.9.1 is our last release. Actually, SARA-7.9.2a is the final release.
The first generation assistant, the Security Administrator's Tool for Analyzing Networks (SATAN) was developed in early 1995. It became the benchmark for network security (...) - Security Tools / Saint, Vulnerability Scanner

Tags: Tools |

Posted in Security Tools, Tools on April 9th, 2010 by SecurityDatabase

This tool acts much like a standard Ethernet network sniffer. However, unlike a traditional packet sniffer it doesn't attempt to capture and decode all traffic but instead is geared toward discovering useful infrastructure and security-related data from the network, often from traffic not sent to or from the host system i.e. general broadcast network traffic. This data can reveal all manner of useful information, ranging from live systems on the network, hostnames, Ipv6 systems, routers and (...) - Security Tools / Information Gathering, Data Sniffer, CSniffer

Tags: Tools |

Posted in Security Tools, Tools on April 9th, 2010 by SecurityDatabase

The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most significant programming errors that can lead to serious software vulnerabilities. They occur frequently, are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.
We just updated our Vulnerability Cross Link Engine to take into account alerts classified as CWE/SANS (...) - Security Tools / Metrics

Tags: Tools |

Posted in Security Tools, Tools on April 9th, 2010 by SecurityDatabase

Common Attack Pattern Enumeration and Classification (CAPEC) provides a a publicly available catalog of attack patterns along with a comprehensive schema and classification taxonomy. The CAPEC assists in enhancing security throughout the software development lifecycle, and to support the needs of developers, testers and educators
In an effort to remain compliant to security open standards, we've just updated our vulnerability database to reflect the latest changes made to the CAPEC catalog (...) - Security Tools / Metrics, Configurations checks

Tags: Tools |

Posted in Security Tools, Tools on April 9th, 2010 by SecurityDatabase

Qubes is an open source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. In the future it might also run Windows apps.
Qubes implements Security by Isolation approach. To do this, Qubes utilizes virtualization technology, to be able to isolate various programs from each other, and even sandbox many system-level components, like networking (...) - Security Tools / Security Solutions, Qubes

Tags: Tools |

Posted in Security Tools, Tools on April 8th, 2010 by SecurityDatabase

XMCO Partners, a consulting firm specializing in computer security, presents its application iCERT-XMCO.
The application consists of 3 main tabs:
The first "INFO" to track key information security (new attacks, viruses, data leaks, expert opinion of the week ....)
The second "ALERT" The notified alerts of the moment
The third "TECH" gives an overall description of the main vulnerabilities and issues of the day
Changelog
Egde (...) - Security Tools

Tags: Tools |

Posted in Security Tools, Tools on April 8th, 2010 by SecurityDatabase

FreeSentral is a full IP PBX consisting of a Linux Distribution, an IP PBX and a Web Graphical User Interface for easy configuration.
Features
Define, group extensions
Set dial plan
Direct Inward Calling
Set Auto Attendant
Music on hold
Short Dialing
Set call forwarding
Voicemail
Our opinion
For all security audits on VoIP systems, FreeSental can make a quick and easy solution to implement. It can therefore be used as a training platform for testing VoIP vulnerabilities and (...) - Security Tools / LiveCD, VoIP, FreeSentral

Tags: Tools |

Posted in Security Tools, Tools on April 8th, 2010 by SecurityDatabase

log2timeline is a framework for artifact timeline creation and analysis. The main purpose is to provide a single tool to parse various log files and artifacts found on suspect systems (and supporting systems, such as network equipment) and produce a body file that can be used to create a timeline, using tools such as mactime from TSK, for forensic investigators.
GUI has been written in Perl-GTK2 for creating the timeline. Since the GUI is written in GtK2 it will not work on every OS. It has (...) - Security Tools / Configurations checks, Forensics, log2timeline

Tags: Tools |

Posted in Security Tools, Tools on April 8th, 2010 by SecurityDatabase

PyLoris is a tool for testing a web server's vulnerability to a particular class of Denial of Service (DoS) attacks. It uses the Slowloris method; by using all available connections, web servers cannot complete valid requests.
PyLoris is a scriptable tool for testing a web server's vulnerability to Denial of Service (DoS) attacks which supports SOCKS, SSL, and all HTTP request methods. It uses the Slowloris method.
Changes
Tkinter based GUI for attacks
Multiple concurrent attack support (...) - Security Tools / Configurations checks, Attack, PyLoris

Tags: Tools |

Posted in Security Tools, Tools on April 7th, 2010 by SecurityDatabase

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.
Bug Fixes:
Fixed: Login Sequence Recorder was not using client certificates when recording a login sequence
Fixed: Login Sequence Recorder was not (...) - Security Tools / Vulnerability Scanner, Application Scanner, Acunetix

Tags: Tools |