Security-Database Best IT Security Tools for 2009

The year 2009 was intense in emotions, sadness, sorrows, and conflicts. The world as we knew it, or at least as our parents did, is changing very fast and unfortunately not in the right way.

The very bad economic situation, the stinking religious conflicts, the riots and wars, the rise of radical extremists and the policy of fear that governments feed us are pushing this earth toward an excruciating end.

But instead of talking about politicians and the immature and childish job they are doing (spreading fear, making the wrong choices as usual, wasting taxpayers' money and time, dumping people into poverty), we'd prefer to focus on enumerating the great software and tools we've seen this year.

So, we are happy that 2009 is finally over, and we expect the best for 2010.

— Security-Database Team

Scoring criteria

We conducted this new survey on the basis of a set of criteria (as we did two years ago).
Since the last survey (2007), we decided to add these new criteria:

  • Community support
  • Documentation
  • Popularity (Twitter followers)
Criteria and comments:

Audience: Each tool has its target audience.
Community Support: The tool has a community version with support and the appropriate documentation.
Documentation: All documentation is easy to read and understand, and is at least written in English. Wikis, blogs and other collaborative support are a must.
Features: Built-in and plug-in functionalities, capabilities, use of APIs, interoperability with other systems.
Maintenance: Frequency of bug fixing, new releases, nightly builds, beta testing.
Popularity: The popularity of the tool among the community, Twitter followers, and the average number of visits and downloads based on our statistics for the year 2009.
Reporting: Support for charts, dashboards, and export to multiple formats (HTML, XML, PDF).
Standards, Metrics & Open Standards: The ability of the tool to map findings to compliance requirements, standards and open standards, or to score vulnerabilities / risks with metrics. Standards and metrics could be: CVE, CVSS, CWE, CPE, CCE, OVAL, SCAP, CAPEC, ISO 2700x, NIST, PCI DSS...
Updates: Frequency of updates: adding new features, new plug-ins, updating the vulnerability database, updating techniques...

++++

Open Source & Free Utilities

Penetration Tests and Ethical Hacking

Columns of the original table: Winner, Excellent, Recommended (Promising). Ties are marked "ex æquo".

Information Gathering: Maltego (Winner); Binging
Network Scanners and Discovery: Nmap v5 (Winner); Netifera and AutoScan (Excellent, ex æquo); Angry IP Scanner (Promising)
Vulnerability Scanners: Nessus and NeXpose (Winner, ex æquo); OpenVAS
Application Scanners: W3AF (Winner); Samurai WTF (Excellent); Nikto (Promising)
Wireless Hacking: OSWA (Winner); AirCrack-NG suite (Excellent); AiroScript-NG (Promising)
Live CDs: BackTrack 4 (Winner); Katana (Excellent); Matriux (Promising)
Exploitation Frameworks: Metasploit v3 (Winner); Exploit DB website

Security Assessment

Columns of the original table: Winner, Excellent, Recommended (Promising). Ties are marked "ex æquo".

Windows Auditing: OVAL Interpreter (Winner); Nessus local plug-ins (Excellent); Sysinternals tools (Promising)
Unix Auditing: Lynis (Winner); CIS Scoring tools (Excellent); OpenSCAP (Promising)
Firewall & Filtering Devices: none awarded in any column
Application Assessment: Burp Suite (Winner); WebSecurify (Excellent); CAT, the manual web application audit tool (Promising)
Wireless Auditing: OSWA (Winner); Kismet and KisMAC (Excellent, ex æquo); Inssider (Promising)
Forensics: CAINE (Winner); Mobius and Process Hacker (Excellent, ex æquo); NetWitness Free Edition (Promising)
Datamining / Logs Management: Splunk community release (Winner); Dradis
IT Management: Spiceworks (Winner); Paglo IT
Code Analysis: RATS (Winner); Graudit (Excellent); MS CAT.NET (Promising)
Password Analysis: Cain & Abel and OphCrack (Winner, ex æquo); John the Ripper
VoIP & Telephony Auditing: VAST Viper (Winner); WarVox
Database Auditing: DB Audit Free Edition (Winner); Pangolin and SQL Map (Excellent, ex æquo); Wapiti (Promising)

++++

Commercial software

Columns of the original table: Winner, Excellent, Recommended (Promising). Ties are marked "ex æquo".

Vulnerability Management: Tenable Nessus and ProFeed (Winner, ex æquo); WebSaint and NeXpose Enterprise (ex æquo)
Application Security Assessment: Acunetix and N-Stalker (Winner, ex æquo); IBM AppScan (Excellent); Netsparker (Promising)
Patch Management: GFI LANguard NSS (Winner); Lumension EndPoint
Penetration Testing and Exploitation: Core Impact (Winner); SaintExploit

++++

Links and references

Maltego: http://www.paterva.com/web4/index.php/maltego
Binging: http://www.blueinfy.com/
Nmap: http://www.nmap.org
Netifera: http://netifera.com/
AutoScan: http://autoscan-network.com/
Angry IP Scanner: http://www.angryip.org
Nessus: http://www.nessus.org
NeXpose: http://community.rapid7.com
OpenVAS: http://www.openvas.org
W3AF: http://w3af.sourceforge.net/
Metasploit: http://www.metasploit.org
Samurai WTF: http://samurai.inguardians.com/
Nikto: http://cirt.net/nikto2
Exploit DB: http://www.exploit-db.com/
OSWA: http://securitystartshere.org/page-training-oswa.htm
AirCrack-NG Suite: http://www.aircrack-ng.org/
AiroScript-NG: http://airoscript.aircrack-ng.org/
BackTrack 4: http://www.remote-exploit.org
PentBox: http://www.pentbox.net/
Matriux: http://www.matriux.com/
OVAL Interpreter: http://oval.mitre.org
Sysinternals suite: http://technet.microsoft.com/sysinternals
Lynis: http://www.rootkit.nl/
CIS Scoring tools: http://www.cisecurity.org/
OpenSCAP: http://www.open-scap.org/
Burp Suite: http://portswigger.net
WebSecurify: http://www.websecurify.com/
CAT, the manual web application audit tool: http://cat.contextis.co.uk/
Kismet: http://www.kismetwireless.net/
KisMAC: http://kismac-ng.org/
Inssider: http://www.metageek.net/products/inssider
CAINE: http://www.caine-live.net/
Mobius Forensics Toolkit: http://freshmeat.net/projects/mobiusft
Process Hacker: http://processhacker.sourceforge.net/
NetWitness Free Edition: http://www.netwitness.com/
Splunk Community: http://www.splunk.com/
Dradis: http://dradisframework.org/
Spiceworks Community: http://www.spiceworks.com/
Paglo IT: http://paglo.com/
RATS: http://www.fortify.com/
Graudit: http://www.justanotherhacker.com
OWASP Code Crawler: http://www.owasp.org
Cain & Abel: http://www.oxid.it/
OphCrack: http://ophcrack.sourceforge.net/
John the Ripper: http://www.openwall.com/john/
DB Audit Free Edition: http://www.softtreetech.com/
Pangolin: http://www.nosec.org/
SQL Map: http://sqlmap.sourceforge.net/
Wapiti: http://wapiti.sourceforge.net/
VAST Viper: http://vipervast.sourceforge.net/
WarVox: http://warvox.org/

++++

2009 Security news in brief

What's happened

Return of The L0pht Industry
  • http://www.security-database.com/toolswatch/The-famous-l0pht-com-is-up-and.html
  • http://www.security-database.com/toolswatch/L0phtCrack-is-back-with-a-new.html
VoIPScanner, the first VoIP scanner as a service
  • http://www.security-database.com/toolswatch/VoIPScanner-com-the-First-VoIP.html
Rapid7 acquires Metasploit
  • http://www.rapid7.com/metasploit-announcement.jsp
Nmap v5.0 released
  • http://nmap.org/5/
Metasploit 3.x, the best exploitation framework
  • http://blog.metasploit.com/2009/11/metasploit-framework-33-released.html
The attack of Conficker
  • http://www.security-database.com/toolswatch/Scanners-and-utilities-to-detect.html
  • http://www.security-database.com/detail.php?alert=CVE-2008-4250
SARA project retired
  • http://www.security-database.com/toolswatch/SARA-project-retired-Last-release.html
Nessus turns to the web with version 4.2
  • http://blog.tenablesecurity.com/2009/11/nessus-42-released.html
OWASP Testing Guide v3.0 released
  • http://www.owasp.org/index.php/OWASP_Testing_Guide_v3_Table_of_Contents
CWE/SANS Top 25 most dangerous programming errors
  • http://www.security-database.com/toolswatch/CWE-SANS-Top-25-Most-Dangerous.html

The idiot move

Nipper the dog is retired from SourceForge.

http://sourceforge.net/projects/nipper/

The smart move

Rapid7 keeping Metasploit open source, and even adding NeXpose support.

http://blog.metasploit.com/2009/12/metasploit-331-nexpose-community.html

Security Hoax

The death of Str0ke from milw0rm.

The worst and most shameless Internet innovation

And the winner is France, for the HADOPI law.

Big Brother project of the year

And the winner is France, for the HADOPI law.

++++

The Use of Awards Logos

Congratulations to all winners. We have designed award logos to use as advertising material on your websites or in marketing campaigns. To grab the appropriate logo (winner, excellent or promising), just left-click and download it.

Copyright © 2009 Security-Database.com
