CWE (Common Weakness Enumeration) is a community-developed formal list of common software weaknesses. It serves as a common language for describing software security weaknesses, a standard measuring stick for software security tools targeting these vulnerabilities, and as a baseline standard for weakness identification, mitigation, and prevention efforts.
As an effort to be fully compliant, we’ve integrated the latest CWE release.
You can browse the CWE list at (...)
Home > Security Tools
Security Tools
-
Security-Database integrates CWE 1.8
1 April 2010, by Tools Tracker Team -
(EXCLUSIVE) Jolicloud the Netbook OS v0.9 pre-final released
31 March 2010, by Tools Tracker TeamJolicloud "pre-final", a new oriented OS netbooks based on Ubuntu, has just been released after a number of important updates and improvements, including a new platform HTML 5 ready for Web applications and also manager of new 3G + network with over 100 models of supported cards.
Jolicloud Express, the Windows installer has been translated into French, English, German and many other additional languages are in progress.
Jolicloud is no more in beta stage, one’s can safely install the (...) -
OWASP Enterprise Security API 2.0 rc6 released
31 March 2010, by Tools Tracker TeamESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. The ESAPI libraries also serve as a solid foundation for new development.
Dependencies (...) -
W3AF v1.0-rc3 released
31 March 2010, by Tools Tracker Teamw3af, is a Web Application Attack and Audit Framework. The w3af core and it’s plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much
The development team is proud to announce a new w3af release! Some
of the features of the 1.0-rc3 version are: Enhanced GUI, including huge changes in the MITM proxy and the Fuzzy
Request Editor Increased speed by rewriting parts of the (...) -
pvefindaddr updated to v1.27
30 March 2010, by Tools Tracker Teampvefindaddr is a PyCommand (plugin) for Immunity Debugger. Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry’s first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.
Drop the file in the pycommands folder within your Immunity Debugger installation folder. You can get the list of (...) -
DBAPPSecurity web application scanner MatriXay 3.6 was released
30 March 2010, by Tools Tracker TeamSource - http://www.professionalsecuritytesters.org/
Features: In-depth Scan: risk-oriented in-depth scanning on web application can access to back-end database information and web application list. Web Vulnerability Detection: detect all kinds of typical web vulnerabilities deeply (such as SQL injection, Xpath injection, XSS, the form around, form weak password, all kinds of CGL vulnerabilities.) Web Trojan Detection: analyze a variety of linked Trojan automatically, effectively and (...) -
Buck Security - Checks for Debian Linux - v0.5 released
30 March 2010, by Tools Tracker TeamBuck Security is a collection of security checks for Linux. It was designed for Debian and Ubuntu servers, but can be useful for any Linux system. The aim of Buck Security is, to allow you to get a quick overview of the security status of your system. As a linux system administrator - but also as a normal linux user - you often wonder if your system is secure
Features Searching for worldwriteable files Searching for worldwriteable directories Searching for programs where the setuid is set (...) -
pwnat tool v0.2-beta released
30 March 2010, by Tools Tracker Teampwnat, pronounced "poe-nat", is a tool that allows any number of clients behind NATs to communicate with a server behind a separate NAT with *no* port forwarding and *no* DMZ setup on any routers in order to directly communicate with each other. The server does not need to know anything about the clients trying to connect.
Simply put, this is a proxy server that works behind a NAT, even when the client is behind a NAT, without any 3rd party.
There is no middle man, no proxy, no 3rd party, (...) -
Nmap v5.30 beta 1 in the wild - doped with scripts -
30 March 2010, by Tools Tracker TeamNmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other (...)
-
OpenSSL 1.0.0 Released .. after all these years !!!
29 March 2010, by Tools Tracker TeamThe OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.
Changelog New -sigopt option to the ca, req and x509 (...)