SAINT version 7.0 is now available
SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved.
Well, this is great news because I’ve just received a mail from Billy Austin (SaintCorporation CSO) announcing the new version 7.0 with a bunch of features.
SAINT has a crisp new interface in version 7.0. It makes it easy to set up vulnerability scans and pen tests, and to navigate the results to identify risks. The new icon bar, drop-down menus, and tabs are user friendly.
New Features in SAINT 7 –
- Run-time reporting – See up-to-the-minute scan results while your scan progresses.
- Automatic key generation – Run-time checks for license key validity with an option to automatically generate and download a new key, if needed.
- Web application penetration testing –
  - SQL injection exploit
  - Automatic detection of Web forms for potential SQL injection
  - User-friendly database viewer tool upon successful SQL injection
- Database penetration testing –
  - MySQL password guess exploit
  - Oracle password guess exploit
  - SQL shell prompt upon successful guess
- More e-mail templates for client exploits – New e-mail templates for eBay, Facebook, password requests, and more; and custom e-mail templates.
- SAINTwriter Reporting of hosts per vulnerability – Custom reporting option to list affected hosts under each vulnerability.
- New custom scan level templates –
  - By CVSS range
  - By PCI compliance
New Exploits in SAINT 7 –
- Microsoft Works File Converter exploit (CVE-2009-1533)
- Windows Print Spooler exploit (CVE-2009-0228)
- Oracle Secure Backup login.php ora_osb_lcookie command execution exploit (CVE-2008-4006)
- PowerPoint Legacy Format Scheme record exploit (CVE-2009-0226)