IT Vulnerability & ToolsWatch

Nabil OUCHN & Maximiliano SOLER
This document describes the best tools and utilities of 2011, divided into carefully
separated categories and ranked according to the VulnerabilityDatabase.com Scoring Criteria.




                                                 228 Hamilton Avenue 3rd Floor
                                                 Palo Alto, CA 94301
                                                 contact (at) netpeas (dot) com
Introduction


    The world is changing, and information security with it. For years we have seen protests
    made by people, face to face, using violence and the media to spread what was happening
    at the time.

    LulzSec and other organized groups such as Anonymous have threatened huge companies,
    defending what they believed to be right, and have shifted the form of protest from
    political to social issues.

    Great personalities of the technology and information security world have passed away
    this year, among them Steven Paul Jobs, Dennis Ritchie, John McCarthy and Paolo
    'CrashFR' Pinto: talented people who created and innovated, leading the theories and
    tools that we know today and that serve as the basis for new creation.

    From VulnerabilityDatabase.com we have produced this report, developed through the
    ToolsWatch vision, covering the best tools and applications we focused on during 2011.

             Nabil OUCHN                             Maximiliano SOLER
             CTO & Co-Founder NETpeas SA.            ToolsWatcher Leader
             Twitter: @toolswatch                    Twitter: @maxisoler

                                             - Page 2 of 14 -


What is VulnerabilityDatabase.com?


VD is the first collaborative Vulnerability & Tools Watch service. It provides updates on
threats and security tools.

The main features are the following:

      Huge database of tools.

      Latest security news.

      Community features enabled.

      Ask a Hacker forum.

      Free registration.




Content

Scoring Criteria ................................................. 5
Open Source & Free Utilities ..................................... 6
  Penetration Testing and Ethical Hacking ........................ 6
  Security Assessment ............................................ 6
Commercial Software .............................................. 7
Links and References ............................................. 8
2011 Security News in Brief ...................................... 12
  What Happened .................................................. 12
  Cool Papers .................................................... 12
  The Great Loss ................................................. 13
  Top Hacks ...................................................... 13
  Conferences .................................................... 14
  The Worst and Most Stupid Internet Strategy .................... 14




Scoring Criteria

We have conducted this new survey on the basis of a set of criteria, as we did two years
before.

Since the last survey (2009), we decided to add these new criteria:

       Community Support.
       Documentation.
       Popularity (Twitter followers).

Criteria and comments:

  Audience: each tool has its target audience.

  Features: built-in and plug-in functionalities, capabilities, use of APIs,
  interoperability with other systems.

  Updates: frequency of updates, i.e. adding new features and plug-ins, updating the
  vulnerability database, updating techniques.

  Maintenance: frequency of bug fixing, new releases, nightly builds, beta testing.

  Community Support: the tool has a community version with support and appropriate
  documentation.

  Documentation: all documentation is easy to read and understand and is written at
  least in English. Wiki, blogs and other collaborative support are a must.

  Reporting: support for charts and dashboards, export to multiple formats (HTML, XML,
  PDF).

  Standards, Metrics & Open Standards: the ability of the tool to map findings to
  compliance frameworks, standards and open standards, or to score vulnerabilities and
  risks with metrics. Standards and metrics could be: CVE, CVSS, CWE, CPE, CCE, OVAL,
  SCAP, CAPEC, ISO 2700x, NIST, PCI DSS.

  Popularity: the popularity of the tool among the community, measured by Twitter
  followers and by the average of visits and downloads based on our statistics for the
  year 2009.




Open Source & Free Utilities

Penetration Testing and Ethical Hacking

Each category lists the Winner, the Excellent pick and the Recommended (Promising) pick;
"ex æquo" marks a tie.

Information Gathering
  Winner: Maltego
  Excellent (ex æquo): Foca, Google Hacking Diggity Project
  Recommended (Promising, ex æquo): theHarvester, WhatWeb

Network Scanners & Discovery
  Winner: Nmap
  Excellent (ex æquo): AutoScan
  Recommended (Promising): OWASP Zed Attack Proxy

Vulnerability Scanners
  Winner (ex æquo): Nessus, NeXpose
  Excellent: OpenVAS
  Recommended (Promising): VEGA

Application Scanners
  Winner: w3af
  Excellent: Arachni
  Recommended (Promising): Nikto

Exploitation Frameworks
  Winner: Metasploit, Armitage
  Excellent: Exploit DB website
  Recommended (Promising): SAP Bizploit

Wireless Hacking
  Winner: Kismet
  Excellent: Aircrack-ng suite
  Recommended (Promising): AirCheck

Live CDs
  Winner: BackTrack 5
  Excellent: Matriux
  Recommended (Promising): BackBox



Security Assessment

Windows Auditing
  Winner: OVAL Interpreter
  Excellent: Microsoft Web Application Configuration Analyzer
  Recommended (Promising): Sysinternals Tools

Unix Auditing
  Winner: Lynis, OpenSCAP

Network Monitoring
  Winner: SAMHAIN
  Excellent: PacketFence
  Recommended (Promising): Security Onion LiveDVD
  Also listed: Suricata

Application Assessment
  Winner: BurpSuite, w3af
  Excellent: WebSecurify
  Recommended (Promising): WhatWeb

Wireless Auditing
  Winner: Kismet
  Excellent: inSSIDer
  Recommended (Promising): Wifite

Forensics
  Winner: NetworkMiner
  Excellent: Mobius Forensic Toolkit
  Recommended (Promising): DFF (Digital Forensics Framework)

Datamining / Logs Management
  Winner: Dradis
  Excellent: Graylog2
  Recommended (Promising): Log2timeline

IT Management
  Winner: SpiceWorks
  Excellent: OpenDLP
  Recommended (Promising): Splunk

Code Analysis
  Winner: Agnitio
  Excellent: Graudit
  Recommended (Promising): PHP Vulnerability Hunter

Password Analysis
  Winner (ex æquo): Cain & Abel, THC-Hydra
  Excellent: John the Ripper
  Recommended (Promising): Patator

Database Auditing
  Winner: Havij, SQL Map
  Excellent: Pangolin
  Recommended (Promising): The Mole

VoIP / Telephony Auditing
  Winner: UCSniff
  Excellent: Viper VAST
  Recommended (Promising): Mausezahn




Commercial Software

Vulnerability Management
  Winner (ex æquo): Tenable Nessus ProFeed, NeXpose Enterprise
  Excellent (ex æquo): WebSaint
  Recommended (Promising): COREvidence™ Marketplace

Application Security Assessment
  Winner (ex æquo): Acunetix, Netsparker
  Excellent: SandCat Pro
  Recommended (Promising): COREvidence™ Marketplace

Patch Management
  Winner (ex æquo): GFI LANguard NSS, Shavlik Technologies
  Excellent: Lumension EndPoint

Penetration Testing and Exploitation
  Winner (ex æquo): Core Impact, Metasploit Pro
  Excellent: SaintExploit
  Recommended (Promising): Immunity CANVAS




Links and References

Maltego                                 http://www.paterva.com/web5/client/download.php
Foca                                    http://www.informatica64.com/foca.aspx
Google Hacking Diggity Project          http://www.stachliu.com/resources/tools
theHarvester                            https://code.google.com/p/theharvester
WhatWeb                                 http://www.morningstarsecurity.com/research/whatweb
Nmap                                    http://nmap.org
AutoScan                                http://autoscan-network.com
OWASP Zed Attack Proxy                  https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Nessus                                  http://www.nessus.org
NeXpose                                 http://community.rapid7.com
OpenVAS                                 http://www.openvas.org
VEGA                                    http://subgraph.com/products.html
w3af                                    http://w3af.sourceforge.net
Arachni                                 http://arachni.segfault.gr
Nikto                                   http://cirt.net/nikto2
Metasploit                              http://www.metasploit.org
Exploit DB                              http://www.exploit-db.com
SAP Bizploit                            http://www.onapsis.com/research-free-solutions.php
Kismet                                  http://www.kismetwireless.net
Aircrack-ng Suite                       http://www.aircrack-ng.org
AiroScript-NG                           http://airoscript.aircrack-ng.org
BackTrack 5                             http://www.backtrack-linux.org
Matriux                                 http://www.matriux.com
BackBox                                 http://www.backbox.org
OVAL Interpreter                        http://oval.mitre.org
Microsoft Web Application Configuration Analyzer
                                        http://www.microsoft.com/download/en/details.aspx?id=573
Nessus Local Plug-ins                   http://www.nessus.org/plugins/index.php?view=all
Sysinternals Tools                      http://technet.microsoft.com/sysinternals
Lynis                                   http://www.rootkit.nl
OpenSCAP                                http://www.open-scap.org
SAMHAIN                                 http://www.la-samhna.de/samhain
Suricata                                http://www.openinfosecfoundation.org
PacketFence                             http://www.packetfence.org
Security Onion LiveDVD                  http://securityonion.blogspot.com
BurpSuite                               http://portswigger.net
WebSecurify                             http://www.websecurify.com
inSSIDer                                http://www.metageek.net/products/inssider
Wifite                                  https://code.google.com/p/wifite
DEFT                                    http://www.deftlinux.net
Mobius Forensic Toolkit                 http://freshmeat.net/projects/mobiusft
DFF (Digital Forensics Framework)       http://www.digital-forensic.org
Dradis                                  http://dradisframework.org
Graylog2                                http://graylog2.org
Log2timeline                            http://log2timeline.net/files
Spiceworks Community                    http://www.spiceworks.com
OpenDLP                                 https://code.google.com/p/opendlp
Splunk                                  http://www.splunk.com
Paglo IT                                http://paglo.com
Graudit                                 http://www.justanotherhacker.com
Agnitio                                 http://www.securityninja.co.uk
PHP Vulnerability Hunter                https://code.google.com/p/php-vulnerability-hunter
Cain & Abel                             http://www.oxid.it
OphCrack                                http://ophcrack.sourceforge.net
John the Ripper                         http://www.openwall.com/john
Patator                                 https://code.google.com/p/patator
Havij                                   http://itsecteam.com/en
Pangolin                                http://www.nosec.org
SQL Map                                 http://sqlmap.sourceforge.net
The Mole                                http://themole.sourceforge.net
UCSniff                                 http://ucsniff.sourceforge.net
Viper VAST                              http://vipervast.sourceforge.net
Mausezahn                               http://www.perihel.at/sec/mz




2011 Security News in Brief

What Happened

EMC Acquires NetWitness Corporation
  http://www.vulnerabilitydatabase.com/2011/04/emc-acquires-netwitness-corporation/

McAfee Acquires Sentrigo
  http://www.vulnerabilitydatabase.com/2011/03/mcafee-acquires-sentrigo-to-enhance-database-security-portfolio/

Google Acquires Zynamics
  http://www.vulnerabilitydatabase.com/2011/03/google-acquires-zynamics/

Salesforce Acquired Dimdim
  http://www.vulnerabilitydatabase.com/2011/01/dimdim-has-been-acquired-by-salesforce-com/

Citrix Acquired NetViewer
  http://www.vulnerabilitydatabase.com/2010/12/citrix-acquired-netviewer/

Hackers break SSL encryption
  http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

GnackTrack project retired
  https://www.phillips321.co.uk/gnacktrack/

Ettercap New Version (Back from 5 years)
  http://www.vulnerabilitydatabase.com/2011/12/ettercap-v0-7-4-lazarus-back-from-5-years/

OWASP Academy Portal
  http://www.vulnerabilitydatabase.com/2011/11/owasp-academy-portal/




Cool Papers

     Results of a Security Assessment of the IPv6

     2011 CWE/SANS Top 25 Most Dangerous Software Errors v1.0

     Whitepaper on SCADA Security Vulnerabilities

     Common Weakness Risk Analysis Framework (CWRAF)

     CybOX v0.6.2 – Cyber Observable eXpression (MITRE)

     Browser Security Comparison: A Quantitative Approach

     Onapsis SAP Security In-Depth




The Great Loss

      Steven Paul Jobs (February 24, 1955 – October 5, 2011)
      Co-founder, chairman and chief executive officer of Apple Inc.

      Dennis Ritchie (September 9, 1941 – October 12, 2011)
      Creator of the C programming language and, with long-time colleague Ken Thompson,
      of the Unix operating system.

      John McCarthy (September 4, 1927 – October 24, 2011)
      The father of "artificial intelligence" (AI), inventor of the Lisp programming
      language and highly influential in the early development of AI.

      Paolo Pinto (CrashFR)
      Founder of HZV and Sysdream.




Top Hacks


      Sony investigating another hack

      Dropbox Lied to Users About Data Security, Complaint to FTC Alleges

      OpenSSH 3.5p1 Remote Root Exploit for FreeBSD

      Fraudulent Digital Certificates Could Allow Spoofing

      Kernel.org Linux repository rooted in hack attack

      Attack Code for SCADA Vulnerabilities Released Online

      Researchers Uncover The Email That Led To The RSA Hack

Conferences

       BlackHat USA 2011

   NETpeas SA and ToolsWatch were present at Black Hat USA 2011 as sponsors and as
   organizers of the Black Hat Arsenal, an area where independent researchers and the
   open source community can showcase their tools.




The Worst and Most Stupid Internet Strategy


       Stop Online Piracy Act (SOPA)

       PROTECT IP Act (PIPA)

       Anti-Counterfeiting Trade Agreement (ACTA)




                          www.vulnerabilitydatabase.com
Contact Us

228 Hamilton Avenue 3rd Floor
Palo Alto, CA 94301
contact (at) netpeas (dot) com
Phone: +1 650 798-5109
Fax : +1 650 798-5001




Secure application deployment in the age of continuous delivery
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous delivery
 

Mais de WASecurity

Pki guide v1.0a_aka
Pki guide v1.0a_akaPki guide v1.0a_aka
Pki guide v1.0a_akaWASecurity
 
一次详细的渗透Wordpress教程
一次详细的渗透Wordpress教程一次详细的渗透Wordpress教程
一次详细的渗透Wordpress教程WASecurity
 
国内主流WAF测评报告
国内主流WAF测评报告国内主流WAF测评报告
国内主流WAF测评报告WASecurity
 
企业安全应急响应与渗透反击V0.04(程冲)
企业安全应急响应与渗透反击V0.04(程冲)企业安全应急响应与渗透反击V0.04(程冲)
企业安全应急响应与渗透反击V0.04(程冲)WASecurity
 
A.oracle 查询结果的缓存问题
A.oracle 查询结果的缓存问题A.oracle 查询结果的缓存问题
A.oracle 查询结果的缓存问题WASecurity
 
A.oracle 数据字典与脚本初步
A.oracle 数据字典与脚本初步A.oracle 数据字典与脚本初步
A.oracle 数据字典与脚本初步WASecurity
 
1.oracle 11g 用户管理新功能
1.oracle 11g 用户管理新功能1.oracle 11g 用户管理新功能
1.oracle 11g 用户管理新功能WASecurity
 
1.Oracle系统应用数据泄露问题分析
1.Oracle系统应用数据泄露问题分析1.Oracle系统应用数据泄露问题分析
1.Oracle系统应用数据泄露问题分析WASecurity
 

Mais de WASecurity (9)

Pki guide v1.0a_aka
Pki guide v1.0a_akaPki guide v1.0a_aka
Pki guide v1.0a_aka
 
PCI DSS V2.0
PCI DSS V2.0PCI DSS V2.0
PCI DSS V2.0
 
一次详细的渗透Wordpress教程
一次详细的渗透Wordpress教程一次详细的渗透Wordpress教程
一次详细的渗透Wordpress教程
 
国内主流WAF测评报告
国内主流WAF测评报告国内主流WAF测评报告
国内主流WAF测评报告
 
企业安全应急响应与渗透反击V0.04(程冲)
企业安全应急响应与渗透反击V0.04(程冲)企业安全应急响应与渗透反击V0.04(程冲)
企业安全应急响应与渗透反击V0.04(程冲)
 
A.oracle 查询结果的缓存问题
A.oracle 查询结果的缓存问题A.oracle 查询结果的缓存问题
A.oracle 查询结果的缓存问题
 
A.oracle 数据字典与脚本初步
A.oracle 数据字典与脚本初步A.oracle 数据字典与脚本初步
A.oracle 数据字典与脚本初步
 
1.oracle 11g 用户管理新功能
1.oracle 11g 用户管理新功能1.oracle 11g 用户管理新功能
1.oracle 11g 用户管理新功能
 
1.Oracle系统应用数据泄露问题分析
1.Oracle系统应用数据泄露问题分析1.Oracle系统应用数据泄露问题分析
1.Oracle系统应用数据泄露问题分析
 

Último

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Último (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

IT Vulnerability & Tools Watch 2011

Content

Scoring Criteria ........................................ 5
Open Source & Free Utilities ............................ 6
    Penetration Testing and Ethical Hacking ............. 6
    Security Assessment ................................. 6
Commercial Software ..................................... 7
Links and References .................................... 8
2011 Security News in Brief ............................ 12
    What Happened ...................................... 12
    Cool Papers ........................................ 12
    The Great Loss ..................................... 13
    Top Hacks .......................................... 13
    Conferences ........................................ 14
    The worst and stupid Internet Strategy ............. 14

- Page 4 of 14 -
Scoring Criteria

We have conducted this new survey on the basis of some criteria (as we did two years before). Since the last survey (2009), we decided to add these new criteria:

    Community Support.
    Documentation.
    Popularity (Twitter followers).

Criteria and comments:

Audience: Each tool has its target audience.
Features: Built-in, plug-in, functionalities, capabilities, use of APIs, interoperability with other systems.
Updates: Frequency of updates: adding new features, new plug-ins, updating the vulnerability database, updating techniques.
Maintenance: Frequency of bug fixing, generating new releases, nightly builds, beta testing.
Community Support: The tool has a community version with support and the appropriate documentation.
Documentation: All documentation is easy to read and to understand and at least written in English. Wiki, blogs and other collaborative support are a must.
Reporting: Support of charts, dashboard, exporting to multiple formats (HTML, XML, PDF).
Compliance, Standards, Metrics & Open Standards: The ability of the tool to map findings with standards and open standards or to score vulnerability / risks with metrics. Standards and metrics could be: CVE, CVSS, CWE, CPE, CCE, OVAL, SCAP, CAPEC, ISO 2700x, NIST, PCI DSS.
Popularity: The popularity of the tool among the community. Twitter followers. Average of visits and downloads based on our statistics for the year 2009.

- Page 5 of 14 -
Open Source & Free Utilities

Penetration Testing and Ethical Hacking

Category | Recommended | Winner | Excellent (Promising)
Information Gathering | Ex æquo: Foca, Google Hacking Diggity Project | Maltego | Ex æquo: theHarvester, WhatWeb
Network Scanners & Discovery | Ex æquo: AutoScan | OWASP Zed Attack Proxy | Nmap
Vulnerability Scanners | Ex æquo: Nessus, NeXpose | OpenVAS | VEGA
Application Scanners | w3af | Arachni | Nikto
Exploitation Frameworks | Metasploit, Exploit DB Website | SAP Bizploit | Armitage
Wireless Hacking | Kismet | AirCrack suite | AirCheck
Live CDs | BackTrack 5 | Matriux | BackBox

Security Assessment

Category | Recommended | Winner | Excellent (Promising)
Windows Auditing | OVAL Interpreter | Sysinternals Tools | Microsoft Web Application Configuration Analyzer
Unix Auditing | Lynis | OpenSCAP |
Network Monitoring | SAMHAIN | PacketFence | Security Onion LiveDVD, Suricata

- Page 6 of 14 -

Application Assessment | BurpSuite, WebSecurify | W3AF | WhatWeb, WebSecurify
Wireless Auditing | Kismet | inSSIder | Wifite
Forensics | DFF (Digital Forensics Framework) | Mobius Forensic Toolkit | NetworkMiner
Datamining / Logs Management | Dradis | Graylog2 | Log2timeline
IT Management | SpiceWorks | OpenDLP | Splunk
Code Analysis | Agnitio | Graudit | PHP Vulnerability Hunter
Password Analysis | Ex æquo: Cain & Abel, THC-Hydra | John the Ripper | Patator
Database Auditing | Havij, The Mole | Pangolin | SQL Map
VoIP / Telephony Auditing | UCSniff | Viper VAST | Mausezahn

Commercial Software

Category | Recommended | Winner | Excellent (Promising)
Vulnerability Management | Ex æquo: Tenable Nessus ProFeed, NeXpose Enterprise | Ex æquo: WebSaint / | COREvidence™ Marketplace
Application Security Assessment | COREvidence™ Marketplace | Ex æquo: Acunetix / Netsparker | SandCat Pro

- Page 7 of 14 -

Patch Management | Ex æquo: GFI Languard NSS / Shavlik Technologies | Lumension EndPoint |
Penetration Testing and Exploitation | Ex æquo: CoreImpact / Metasploit Pro | SaintExploit | Immunity CANVAS

Links and References

Maltego: http://www.paterva.com/web5/client/download.php
Foca: http://www.informatica64.com/foca.aspx
Google Hacking Diggity Project: http://www.stachliu.com/resources/tools
theHarvester: https://code.google.com/p/theharvester
WhatWeb: http://www.morningstarsecurity.com/research/whatweb
Nmap: http://nmap.org
AutoScan: http://autoscan-network.com
OWASP Zed Attack Proxy: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Nessus: http://www.nessus.org
NeXpose: http://community.rapid7.com
OpenVAS: http://www.openvas.org
VEGA: http://subgraph.com/products.html
w3af: http://w3af.sourceforge.net

- Page 8 of 14 -

Arachni: http://arachni.segfault.gr
Nikto: http://cirt.net/nikto2
Metasploit: http://www.metasploit.org
Exploit DB: http://www.exploit-db.com
SAP Bizploit: http://www.onapsis.com/research-free-solutions.php
Kismet: http://www.kismetwireless.net
AirCrack-NG Suite: http://www.aircrack-ng.org
AiroScript-NG: http://airoscript.aircrack-ng.org
Backtrack 5: http://www.backtrack-linux.org
Matriux: http://www.matriux.com
BackBox: http://www.backbox.org
Oval Interpreter: http://oval.mitre.org
Microsoft Web Application Configuration Analyzer: http://www.microsoft.com/download/en/details.aspx?id=573
Nessus Local Plug-ins: http://www.nessus.org/plugins/index.php?view=all
Sysinternals Tools: http://technet.microsoft.com/sysinternals
Lynis: http://www.rootkit.nl
OpenSCAP: http://www.open-scap.org
SAMHAIN: http://www.la-samhna.de/samhain
Suricata: http://www.openinfosecfoundation.org
PacketFence: http://www.packetfence.org
Security Onion LiveDVD: http://securityonion.blogspot.com
BurpSuite: http://portswigger.net
Websecurify: http://www.websecurify.com
Inssider: http://www.metageek.net/products/inssider
Wifite: https://code.google.com/p/wifite
DEFT: http://www.deftlinux.net
Mobius Forensics Toolkit: http://freshmeat.net/projects/mobiusft

- Page 9 of 14 -

DFF (Digital Forensics Framework): http://www.digital-forensic.org
Dradis: http://dradisframework.org
Graylog2: http://graylog2.org
Log2timeline: http://log2timeline.net/files
Spiceworks Community: http://www.spiceworks.com
OpenDLP: https://code.google.com/p/opendlp
Splunk: http://www.splunk.com
Paglo IT: http://paglo.com
Graudit: http://www.justanotherhacker.com
Agnitio: http://www.securityninja.co.uk
PHP Vulnerability Hunter: https://code.google.com/p/php-vulnerability-hunter
Cain & Abel: http://www.oxid.it
OphCrack: http://ophcrack.sourceforge.net
John the Ripper: http://www.openwall.com/john
Patator: https://code.google.com/p/patator
Havij: http://itsecteam.com/en
Pangolin: http://www.nosec.org
SQL Map: http://sqlmap.sourceforge.net
The Mole: http://themole.sourceforge.net
UCSniff: http://ucsniff.sourceforge.net
Viper VAST: http://vipervast.sourceforge.net
Mausezahn: http://www.perihel.at/sec/mz

- Page 10 of 14 -

- Page 11 of 14 -
2011 Security News in Brief

What Happened

EMC Acquires NetWitness Corporation: http://www.vulnerabilitydatabase.com/2011/04/emc-acquires-netwitness-corporation/
McAfee Acquires Sentrigo: http://www.vulnerabilitydatabase.com/2011/03/mcafee-acquires-sentrigo-to-enhance-database-security-portfolio/
Google Acquires Zynamics: http://www.vulnerabilitydatabase.com/2011/03/google-acquires-zynamics/
Salesforce Acquired Dimdim: http://www.vulnerabilitydatabase.com/2011/01/dimdim-has-been-acquired-by-salesforce-com/
Citrix Acquired NetViewer: http://www.vulnerabilitydatabase.com/2010/12/citrix-acquired-netviewer/
Hackers break SSL encryption: http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
GnackTrack project retired: https://www.phillips321.co.uk/gnacktrack/
Ettercap New Version (Back from 5 years): http://www.vulnerabilitydatabase.com/2011/12/ettercap-v0-7-4-lazarus-back-from-5-years/
OWASP Academy Portal: http://www.vulnerabilitydatabase.com/2011/11/owasp-academy-portal/

Cool Papers

- Results of a Security Assessment of the IPv6
- 2011 CWE/SANS Top 25 Most Dangerous Software Errors v1.0
- Whitepaper on SCADA Security Vulnerabilities
- Common Weakness Risk Analysis Framework (CWRAF)

- Page 12 of 14 -

- CybOX v0.6.2 – Cyber Observable eXpression (MITRE)
- Browser Security Comparison: A Quantitative Approach
- Onapsis SAP Security In-Depth

The Great Loss

Steven Paul Jobs (February 24, 1955 – October 5, 2011)
He was co-founder, chairman, and chief executive officer of Apple Inc.

Dennis Ritchie (September 9, 1941 – October 12, 2011)
He created the C programming language and, with long-time colleague Ken Thompson, the Unix operating system.

John McCarthy (September 4, 1927 – October 24, 2011)
The father of "artificial intelligence" (AI), he invented the Lisp programming language and was highly influential in the early development of AI.

Paolo Pinto (CrashFR)
Founder of HZV & Sysdreams.

Top Hacks

- Sony investigating another hack
- Dropbox Lied to Users About Data Security, Complaint to FTC Alleges
- OpenSSH 3.5p1 Remote Root Exploit for FreeBSD
- Fraudulent Digital Certificates Could Allow Spoofing
- Kernel.org Linux repository rooted in hack attack
- Attack Code for SCADA Vulnerabilities Released Online
- Researchers Uncover The Email That Led To The RSA Hack

- Page 13 of 14 -

Conferences

BlackHat USA 2011

NETpeas SA and ToolsWatch have been present sponsoring Black Hat USA 2011 and organizing the Black Hat Arsenal Tools. This is an area for independent researchers and the open source community that allows them to showcase their work.

The worst and stupid Internet Strategy

- Stop Online Piracy Act (SOPA)
- PROTECT IP Act (PIPA)
- Anti-Counterfeiting Trade Agreement (ACTA)

www.vulnerabilitydatabase.com

Contact Us
228 Hamilton Avenue 3rd Floor
Palo Alto, CA 94301
contact (at) netpeas (dot) com
Phone: +1 650 798-5109
Fax: +1 650 798-5001

- Page 14 of 14 -