Security-Database Best IT Security Tools for 2009
The year 2009 was very intense of emotions, sadness, sorrows, and conflicts. The world as we knew or at least our parents did is changing so fast and unfortunately not in the right way.
The very bad economic situation, the stinky religions conflicts, the riots and wars, the increase of radical extremists and the policy of fear that the governments feed us are urging this earth to an excruciating end.
But instead of talking about politicians and their immature and childish job they are doing as spreading fear, making the wrong choices (as usual), wasting taxpayers money and time, dumping people into poverty, weâ€™d prefer focusing into enumerating the great software and tools weâ€™ve seen this year.
So, we are happy that 2009 is finally over and we expect the best for 2010.
— Security-Database Team
Weâ€™ve conducted this new survey on the basis on some criteria (as we did two years before).
Since the last survey (2007), we decided to add these new criteria:
- Community support
- Popularity (Twitter followers)
|Audience||Each tool has its target audience.|
|Community Support||Tool has a community version with support and the appropriate documentation.|
|Documentation||All documentation are easy to read and to understand and at least written in English. Wiki, blogs and other collaborative support are a must.|
|Features||Built-in, plug-in, functionalities, capabilities, use of APIs, interoperability with other systems.|
|Maintenance||Frequency of bugs fixing, generating new releases, nightly builds, beta testing.|
|Popularity||The popularity of the tool among the community, Twitter followers and average of visits and download based on our statistics for the year 2009.|
|Reporting||Support of charts, dashboard, exporting to multiple formats|
(HTML, XML, PDF).
|Standards, Metrics & Open Standards||The ability of the tool to map findings with Compliance, standards and open standards or to score vulnerability /|
risks with metrics.
Standard and metrics could be: CVE, CVSS, CWE, CPE, CCE, OVAL, SCAP, CAPEC, ISO 2700x, NIST, PCI DSS...
|Updates||Frequency of updates: adding new features, new plug-in,|
updating vulnerability database, updating techniquesâ€¦
Open Source & Free Utilities
Penetration Tests and Ethical Hacking
|Network Scanners and Discovery||Nmap v5||Ex Ã¦quo:
||Angry IP Scanner|
|Vulnerability Scanners||Ex Ã¦quo:
|Application Scanners||W3AF||Samurai WTF||Nikto|
|Wireless Hacking||OSWA||AirCrack suite||AiroScript-NG|
|Live CDs||BackTrack 4||Katana||Matriux|
|Exploitation Frameworks||Metasploit v3||DB Exploit Website|
|Windows Auditing||OVAL interpreter||Nessus Local Plug-ins||Sysinternals tools|
|Unix Auditing||Lynis||CIS Scoring||OpenSCAP|
|Firewall & Filtering Devices||None||None||None|
|Application Assessment||BurpSuite||WebSecurify||CAT The manual web application|
|Wireless Auditing||OSWA||Ex Ã¦quo:
||Netwitness Free Edition|
|Datamining / logs management||Splunk community release||Dradis|
|IT Management||SpiceWorks||Paglo IT|
|Code analysis||Rats||Graudit||MS CAT.net|
|Password analysis||Ex Ã¦quo:
||John the ripper|
|VoIP & Telephony auditing||VAST Viper||WarVox|
|Database auditing||Db Audit Free edition||Ex Ã¦quo:
|Vulnerability Management||Ex Ã¦quo:
|Application Security assessment||Ex Ã¦quo:
|Patch Management||GFI Languard NSS||Lumension EndPoint|
|Penetration Testing and Exploitation||Core Impact||SaintExploit|
Links and references
2009 Security news in brief
The idiot move
Nipper the dog is retired from Sourceforge.
The smart move
Keeping Metasploit open source and even adding support of Nexpose from Rapid7.
The death of Str0ke from milw0rm.
The worst and shameless Internet innovation
And the winner is France for HADOPI LAW.
Big brother project of the year
And the winner is France for HADOPI LAW.
The Use of Awards Logos
Congratulations for all winners. We have designed Award logos to use as advertising material on your websites or marketing campaigns. To grab the appropriate logo (winner, excellent or promising), just left click and download.
Copyright Â© 2009 Security-Database.com