Security-Database Blog

The OSSAR report has been created by Digital Encode Company and its based on OSSTMM & OWASP to overall security tests.
This document is a VA/PT report for a fictitious bank called eClipse Bank PLC carried out by another fictitious company Cynergi Solutions Inc. All names, URLs, IPs, etc are fictitious. Some of the vulnerabilities discussed have actually occurred for real.

Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source (license).

Ludovic Petit (OWASP France Leader and Vice-Chair) has just sent to France OWASP mailing list a note about the OWASP SSB project.
The Security Spending Benchmarks Project seeks to produce guidance and an industry accepted benchmark for justifying overall Web application security spending. We want to quantify how many dollars and human resources should be allocated towards the software development life-cycle, security training, security software/tools, independent third-party reviews, Web application firewalls, etc

No comment
http://inj3ct0r.com/

This small utility was written for Information Security Professionals to aid in conducting Wireless Security Assessment. The program executes various utilities included in the aircrack-ng suite, a set of tools for auditing wireless networks, in order to obtain the WEP encryption key of a wireless access point. aircrack-ng can be obtained from http://www.aircrack-ng.org

GerixWiFiCracker is GUI for Aircrack-ng suite, is designed for pentesting in a realworld with efficent and userfriendly graphic interface

Interoute’s Internet Barometer shows real-time statistics on Internet attacks worldwide and provides information on the source of those attacks.
The source of attacks indicates potentially hostile organizations and networks. So, the Barometer identifies whether the perpetrator is a "known Bad Guy"; a spoofer who is trying to hide his or her identity by using different IP addresses; or an unknown attacker.

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved

NBIM is a Network-based Integrity monitor, that detects unauthorized changes on Web sites and domains.

Vous avez entendu parler du Parti Pirate suédois, qui a obtenu 7,1 % des voix aux élections européennes (23 % chez les moins de 30 ans) et qui est devenu en termes d’adhérents, la troisième force politique du royaume scandinave ? Vous pensez, suite aux combats sur les lois DADVSI et HADOPI, que le mouvement numérique doit passer au stade politique ? Alors, vous allez être satisfaits d’apprendre ce jour la création du Parti Pirate Français.

xprobe: Remote OS identification using ICMP packets Xprobe allows you to determine what operating system is running on a remote host. It sends several packets to a host and analyses the returned ICMP packets. The tool automates a logic of OS fingerprinting methods called "X"