Category Configurations checks

SIPVicious is a set of utilities for auditing SIP devices. It comes with 4 tools :

• svmap: an active scanner to identify SIP devices on the network
• svwar: scans SIP PBX servers for existing extensions
• svcrack: an online password cracker against SIP PBX servers
• svreport: manages sessions by the other tools + exports to pdf, xml (html), csv and plain text

FindBugs which uses static analysis to look for bugs in Java code. It is free software, distributed under the terms of the Lesser GNU Public License. The name FindBugsâ„¢ and the FindBugs logo are trademarked by The University of Maryland. FindBugs is sponsored by Fortify Software and SureLogic

NessusClient is the XWindow GUI for Nessus 2.x and 3.x.

TIGER is a set of Bourne shell scripts, C programs, and data files which are used to perform a security audit of Unix systems. The security audit results are useful both for system analysis (security auditing) and for real-time, host-based intrusion detection.

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.

Pixy is an Open-Source Vulnerability Scanner that identifies SQL, XSS problems in PHP applications.

The Security Auditor’s Research Assistant (SARA) is a third generation network security analysis tool. It is Based on the SATAN model

SAINT, or the Security Administrator’s Integrated Network Tool, uncovers areas of weakness and recommends fixes. With SAINT® vulnerability assessment tool, you can:

• Detect and fix possible weaknesses in your network’s security before they can be exploited by intruders.
• Anticipate and prevent common system vulnerabilities.
• Demonstrate compliance with current government regulations such as FISMA, Sarbanes Oxley, GLBA, HIPAA, and COPPA

Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.

Babel Enterprise is a systems auditing tool. Babel performs a security level check of the machine, or hardening. The check consists of a number of auditing tests that obtain a snap of the security status of each machine

SSA (Security System Analyzer) is a non-intrusive OVAL-Compatible policy compliance and vulnerability assessment software. It provides auditors and security officers a comprehensive solution to keep pace with security compliance requirements (patch management, vulnerability management, software inventories...)

PHP Security Scanner is a tool written in PHP intended to search PHP code for vulnarabilities. MySQL DB stores patterns to search for as well as the results from the search. The tool can scan any directory on the file system.

Using the built-in Windows administration tools to manage a medium to large Windows NT or Windows 2000/2003 network can be a challenge

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.

Wikto provides the same functionality as the Nikto tool. But it goes a little further. There are 3 main sections of the tool. These are : Back-End miner, Nikto-like functionality and google

Open Vulnerability and Assessment Language (OVALâ„¢) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community.

Are you aware of all the devices – USB sticks, CDs, floppies, smartphones, MP3 players, handhelds, iPods, digital cameras – that have been connected to your network? As an administrator, do you know how many employees have been using or are using portable storage devices at the moment? Monitoring your network for these devices is not only time-consuming but nearly impossible to do manually.

SSA Security System Analyzer has been added to OVAL-Compatible Products and Services.