Monday 31 December 2007

Since we started IT security auditing and assessment, we have tested and used tons of tools, utilities and software. A lot of them were discontinued, closed their code or were just bought by vendors. But (hopefully), the best are still alive.
Now, at the end of the year 2007, I have become slightly melancholic and decided to release a survey of the most efficient IT security software for auditors, security administrators and pentesters.
However, I deeply think that every little script or utility written by an individual developer or hacker is a gem. Just take a look at the SourceForge project repositories to be amazed. They will continue to serve us for years to come.
— Happy New Year.
Security Assessment
Open Source and Free Software
| Category | Best | Recommended/Excellent |
|---|---|---|
| Windows auditing | OVAL Interpreter | ex aequo: Belarc Advisor & WinAudit & SysInternals |
| Unix auditing | ex aequo: CIS Scoring Tools & Tiger Security Tool | ex aequo: Babel Enterprise & OVAL Unix interpreters (Sussen, Debian, Fedora, OpenSuse) |
| Filtering devices | Nipper | NCat |
| Password Cracking | Cain and Abel | OphCrack Suite |
| Code auditing | FindBugs | Pixy |
| Wireless testing | OSWA | Russix |
| Database auditing | THC-Oracle | SQL Power Injector |
| Application auditing | OWASP LabRat | OWASP Cal9000 |
| VoIP auditing | SiVus | Cain and Abel |
Methodologies
| Document | Best | Recommended/Excellent |
|---|---|---|
| Publications | NIST CSRC documents | |
| Security Checklists | DISA STIGs | ex aequo: CIS Checklists & AuditNet Resources |
Security Dashboard