SAINT version 7.0 is now available

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved

Well this is a great news because i’ve just received a mail from Billy Austin (SaintCorporation CSO) announcing the new version 7.0 with a bunch of features.

SAINT has a Crisp New Interface in version 7.0. SAINT’s crisp new interface makes it easy to set up vulnerability scans and pen tests, and to navigate the results to identify risks. The new icon bar, drop down
menus, and tabs are user friendly.


New Features in SAINT 7 –

  • Run-time reporting – See up-to-the-minute scan results while your scan progresses.
  • Automatic key generation – Run-time checks for license key validity with an option to automatically generate and download a new key, if needed.
  • Web application penetration testing –
  • SQL injection exploit
  • Automatic detection of Web forms for potential SQL injection
  • User-friendly database viewer tool upon successful SQL injection
  • Database penetration testing –
  • MySQL password guess exploit
  • Oracle password guess exploit
  • SQL shell prompt upon successful guess
  • More e-mail templates for client exploits – New e-mail templates for eBay, Facebook, password requests, and more; and custom e-mail templates.
  • SAINTwriter Reporting of hosts per vulnerability – Custom reporting option to list affected hosts under each vulnerability.
  • New custom scan level templates –
  • By CVSS range
  • By PCI compliance

New Exploits in SAINT 7 –

  • Microsoft Works File Converter exploit (CVE 2009-1533)
  • Windows Print Spooler exploit (CVE 2009-0228)
  • Oracle Secure Backup login.php ora_osb_lcookie command execution exploit (CVE 2008-4006)
  • PowerPoint Legacy Format Scheme record exploit (CVE 2009-0226)

Post scriptum

Compliance Mandates

  • Application Scanner :

    PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Penetration testing & Ethical Hacking :

    PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Management :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Comments

Related Articles

Application Scanner
Penetration testing & Ethical Hacking
Saint
Vulnerability Management