Archive | Security Software


07 February 2007 | 3,560 views

Secunia Releases Software Inspector

Feature Overview – The Secunia Software Inspector: detects insecure versions of applications installed; verifies that all Microsoft patches are applied; assists you in updating your system and applications; runs through your browser. No installation or download is required. How Does it Work: The Secunia Software Inspector relies on carefully crafted “Secunia File Signatures” to recognise [...]



30 January 2007 | 42,431 views

Burp Proxy & Burp Suite – Attacking Web Applications

I love the Burp Suite, I really do. It’s pretty much my favourite local proxy program and my favourite suite of tools for security testing web applications (especially the session investigation and manipulation parts). Another great thing is it’s cross platform, so you don’t have to learn different tools for Windows and Linux. Basically Burp [...]



18 December 2006 | 12,446 views

SinFP 2.0.4 – OS Detection – Now Works On Windows

SinFP is a new approach to OS fingerprinting, which bypasses limitations that nmap has. Nmap's approach to fingerprinting has been shown to be efficient for years. Nowadays, with the omnipresence of stateful filtering devices, PAT/NAT configurations and emerging packet normalization technologies, its approach to OS fingerprinting is becoming obsolete. SinFP uses the aforementioned limitations [...]



15 November 2006 | 4,072 views

McAfee buying Tel Aviv startup Onigma for $15-25 million cash

Data security giant McAfee has bought a young Tel Aviv startup, Onigma, for somewhere between $15 million and $25 million cash, surmise hi-tech circles. McAfee will be integrating the Onigma technology in its enterprise security solution, and will be recruiting dozens more Israeli developers for the startup, which will become a local R&D center. Onigma [...]



08 November 2006 | 5,252 views

Taof 0.1 Network Protocol Fuzzer Released

Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols. Taof aids the researcher during the data retrieval process by providing a transparent proxy functionality that forwards and logs requests from [...]



31 October 2006 | 11,396 views

PMD – Java Source Code Scanner

Continuing with the series of tools I’ve been posting on source code auditing and application security, here is PMD, a Java Source Code Scanner. PMD scans Java source code and looks for potential problems like: possible bugs – empty try/catch/finally/switch statements; dead code – unused local variables, parameters and private methods; suboptimal code – wasteful [...]



27 October 2006 | 5,173 views

Security Companies Fight Against Microsoft Security Center

No surprise really? Microsoft and their monopoly strategies, anti-competitive behaviour, nothing new really, is it? Microsoft and its security rivals are feuding over a key piece of Windows Vista real estate. The fight is over the display of technology that helps Vista owners manage the security tools on their PC. Symantec, McAfee, Check Point Software [...]



26 October 2006 | 18,002 views

ARPWatch-NG ARP Flooding/Spoofing Protection/Detection

If you are paranoid about people ARP spoofing or flooding on your network you can use ARPWatch-NG. ARPWatch-NG is a continuation of the popular original ARPWatch from ftp://ftp.ee.lbl.gov/. ARPWatch monitors MAC addresses on your network and writes them into a file; the last known timestamp and change notification are included. It can be used to [...]



24 October 2006 | 8,891 views

LAPSE Sourcecode Analysis for JAVA J2EE Web Applications

LAPSE stands for a Lightweight Analysis for Program Security in Eclipse. LAPSE is designed to help with the task of auditing Java J2EE applications for common types of security vulnerabilities found in Web applications. LAPSE was developed by Benjamin Livshits as part of the Griffin Software Security Project. LAPSE targets the following Web application vulnerabilities: [...]



22 October 2006 | 22,803 views

Odysseus Proxy for MITM Attacks Testing Security of Web Applications.

Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Odysseus will intercept an HTTP session’s data in either direction and give the user the ability to alter the data before transmission. For example, [...]
