Archive | Security Software


17 February 2007 | 14,942 views

sqlmap – Automated Blind SQL Injection Tool

sqlmap is an automatic blind SQL injection tool, developed in Python, capable of enumerating an entire remote database, performing an active database fingerprint and much more. The aim of this project is to implement a fully functional database mapper tool which takes advantage of web application programming security flaws which lead to SQL injection vulnerabilities. [...]



07 February 2007 | 3,560 views

Secunia Releases Software Inspector

Feature Overview – The Secunia Software Inspector: detects insecure versions of applications installed; verifies that all Microsoft patches are applied; assists you in updating your system and applications; runs through your browser. No installation or download is required. How Does it Work: The Secunia Software Inspector relies on carefully crafted “Secunia File Signatures” to recognise [...]



30 January 2007 | 42,478 views

Burp Proxy & Burp Suite – Attacking Web Applications

I love the Burp Suite, I really do. It’s pretty much my favourite local proxy program and my favourite suite of tools for security testing web applications (especially the session investigation and manipulation parts). Another great thing is it’s cross platform, so you don’t have to learn different tools for Windows and Linux. Basically Burp [...]



18 December 2006 | 12,453 views

SinFP 2.0.4 – OS Detection – Now Works On Windows

SinFP is a new approach to OS fingerprinting, which bypasses limitations that nmap has. Nmap's approach to fingerprinting has been shown to be efficient for years. Nowadays, with the omnipresence of stateful filtering devices, PAT/NAT configurations and emerging packet normalization technologies, its approach to OS fingerprinting is becoming obsolete. SinFP uses the aforementioned limitations [...]



15 November 2006 | 4,072 views

McAfee buying Tel Aviv startup Onigma for $15-25 million cash

Data security giant McAfee has bought a young Tel Aviv startup, Onigma, for somewhere between $15 million and $25 million cash, surmise hi-tech circles. McAfee will be integrating the Onigma technology in its enterprise security solution, and will be recruiting dozens more Israeli developers for the startup, which will become a local R&D center. Onigma [...]



08 November 2006 | 5,253 views

Taof 0.1 Network Protocol Fuzzer Released

Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols. Taof aids the researcher during the data retrieval process by providing a transparent proxy functionality that forwards and logs requests from [...]



31 October 2006 | 11,399 views

PMD – Java Source Code Scanner

Continuing with the series of tools I’ve been posting on source code auditing and application security, here is PMD, a Java Source Code Scanner. PMD scans Java source code and looks for potential problems like: possible bugs – empty try/catch/finally/switch statements; dead code – unused local variables, parameters and private methods; suboptimal code – wasteful [...]



27 October 2006 | 5,173 views

Security Companies Fight Against Microsoft Security Center

No surprise really? Microsoft and their monopoly strategies, anti-competitive behaviour, nothing new really is it? Microsoft and its security rivals are feuding over a key piece of Windows Vista real estate. The fight is over the display of technology that helps Vista owners manage the security tools on their PC. Symantec, McAfee, Check Point Software [...]



26 October 2006 | 18,025 views

ARPWatch-NG ARP Flooding/Spoofing Protection/Detection

If you are paranoid about people ARP spoofing or flooding on your network you can use ARPWatch-NG. ARPWatch-NG is a continuation of the popular original ARPWatch from ftp://ftp.ee.lbl.gov/. ARPWatch monitors MAC addresses on your network and writes them into a file; the last known timestamp and change notification are included. It can be used to [...]



24 October 2006 | 8,892 views

LAPSE Sourcecode Analysis for JAVA J2EE Web Applications

LAPSE stands for a Lightweight Analysis for Program Security in Eclipse. LAPSE is designed to help with the task of auditing Java J2EE applications for common types of security vulnerabilities found in Web applications. LAPSE was developed by Benjamin Livshits as part of the Griffin Software Security Project. LAPSE targets the following Web application vulnerabilities: [...]
