Category: security

Open Source Web Security Scanner »

IronWASP is an open source web security scanner. It's free and open source; GUI-based and very easy to use, no security expertise required; powerful and effective scanning engine; supports recording login sequence; reporting in both HTML and RTF formats; checks for over 25 different kinds of [...]

Java–CORS Filter »

Cross-origin resource sharing (CORS) is a mechanism that allows JavaScript on a web page to make XMLHttpRequests to another domain, not the domain the JavaScript originated from. Such “cross-domain” requests would otherwise be forbidden by web browsers, per the same origin security policy. eBay CORS filter is a Java Servlet Filter implementation of server-side CORS [...]

Tor Open Network »

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks [...]

Open Source Web Application Security Audit Tool »

ratproxy is a semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments. Detects and prioritizes broad classes of security problems, such as dynamic cross-site trust model [...]

Project Sentry Gun »

This project guides you on how to build a sentry gun which autonomously tracks, aims, and shoots at targets, using: an airsoft or paintball gun; a webcam to find targets; a computer to process the video feed and aim the gun; servo motors to physically aim the gun and squeeze the trigger; a sturdy tripod [...]

Software for Online Anonymity »

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis. Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. [...]

OWASP Mantra – Security Framework »

Mantra is a dream that came true. It is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers, security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. Mantra is a [...]

What Every Web Programmer Needs To Know About Security »

Useful reading materials from Google University. Part 1: Security Goals; Secure Systems Design; Secure Design Principles; Exercises for Part 1. Part 2: Worms and Other Malware; Buffer Overflows; Client-State Manipulation; SQL Injection; Password Security; Cross-Domain Security in Web Applications; Exercises for Part 2. Part 3: Symmetric Key Cryptography; Asymmetric Key Cryptography; Key Management & [...]

Open Vulnerability Assessment System »

The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The actual security scanner is accompanied with a daily updated feed of Network Vulnerability Tests (NVTs), over 18,000 in total (as of August 2010). All OpenVAS products are Free Software [...]

Free Rescue Disk from Kaspersky »

Boot from the Kaspersky Rescue Disk to scan and remove threats from an infected computer without the risk of infecting other files or computers. Burn this ISO image to a CD, insert it into the infected system’s CD-ROM drive, enter the PC’s BIOS, set it to boot from the CD and reboot the computer. This [...]

Free Tool to Wipe Out Hard Disks »

Darik’s Boot and Nuke ("DBAN") is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.

Open Source Web Security Testing Tool »

skipfish is a fully automated, active web application security reconnaissance tool. Key features: High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets. Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly [...]

GSM Sniffer »

AirProbe is the new home of the former GSM-Sniffer project. The goal is to build an air-interface analysis tool for the GSM (and possibly later 3G) mobile phone standard. The prime motivation is to learn the details of the technology, help people who develop other open GSM technology (like OpenBTS, OpenMoko, BS11/OpenBSC and others) and [...]

SQL Injection Tool »

SQL Power Injector is an application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page. For now it is SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal [...]

WEP Attack »

WepAttack is a WLAN open source Linux tool for breaking 802.11 WEP keys. This tool is based on an active dictionary attack that tests millions of words to find the right key. Only one packet is required to start an attack. The requirements: The network data has been captured by a WLAN card in monitor [...]

Open Source Wireless Network Sniffer and IDS »

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic. Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring [...]

Open Source Network Protocol and Application Analyzer »

SPIKE: When you need to analyze a new network protocol for buffer overflows or similar weaknesses, the SPIKE is the tool of choice for professionals. While it requires a strong knowledge of C to use, it produces results second to none in the field. SPIKE is available for the Linux platform only. SPIKE Proxy: Not [...]

Windows Reverse Engineering Tool »

oSpy is a tool which aids in reverse-engineering software running on the Windows platform. With the amount of proprietary systems that exist today (synchronization protocols, instant messaging, etc.), the amount of work required to keep up when developing interoperable solutions will quickly become a big burden when limited to traditional techniques. However, when the sniffing [...]

Open Source Network Mapping and Monitoring Tool »

Cheops-ng is a Network management tool for mapping and monitoring your network. It has host/network discovery functionality as well as OS detection of hosts. Cheops-ng has the ability to probe hosts to see what services they are running. On some services, cheops-ng is actually able to see what program is running for a service and [...]

Port Scanner for Windows »

ScanLine is a command-line port scanner for all Windows platforms. It can perform traditional ICMP "pinging", optional additional ICMP TimeStamp scanning, can show host response times and number of hops, do TCP scanning, simple UDP scanning, banner grabbing and hostname resolving. Scanning is performed in a fast highly parallel fashion without resorting to using multiple [...]