Archive | Security Software


31 October 2006 | 11,409 views

PMD – Java Source Code Scanner

Continuing with the series of tools I’ve been posting on source code auditing and application security, here is PMD a Java Source Code Scanner. PMD scans Java source code and looks for potential problems like: Possible bugs – empty try/catch/finally/switch statements Dead code – unused local variables, parameters and private methods Suboptimal code – wasteful [...]

Continue Reading


27 October 2006 | 5,173 views

Security Companies Fight Against Microsoft Security Center

No surprise really? Microsoft and they monopoly strategies, anti-competitive behaviour, nothing new really is it? Microsoft and its security rivals are feuding over a key piece of Windows Vista real estate. The fight is over the display of technology that helps Vista owners manage the security tools on their PC. Symantec, McAfee, Check Point Software [...]

Continue Reading


26 October 2006 | 18,077 views

ARPWatch-NG ARP Flooding/Spoofing Protection/Detection

If you are paranoid about people ARP spoofing or flooding on your network you can use ARPWatch-NG, ARPWatch-NG is a continue of the popular original ARPWatch from ftp://ftp.ee.lbl.gov/. ARPWatch monitors MAC adresses on your network and writes them into a file, last know timestamp and change notification is included. It can be used it to [...]

Continue Reading


24 October 2006 | 8,902 views

LAPSE Sourcecode Analysis for JAVA J2EE Web Applications

LAPSE stands for a Lightweight Analysis for Program Security in Eclipse. LAPSE is designed to help with the task of auditing Java J2EE applications for common types of security vulnerabilities found in Web applications. LAPSE was developed by Benjamin Livshits as part of the Griffin Software Security Project. LAPSE targets the following Web application vulnerabilities: [...]

Continue Reading


22 October 2006 | 22,816 views

Odysseus Proxy for MITM Attacks Testing Security of Web Applications.

Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Odysseus will intercept an HTTP session’s data in either direction and give the user the ability to alter the data before transmission. For example, [...]

Continue Reading


12 October 2006 | 11,768 views

FindBugs – Find Bugs in Java Programs

FindBugs looks for bugs in Java programs. It is based on the concept of bug patterns. A bug pattern is a code idiom that is often an error. Bug patterns arise for a variety of reasons: Difficult language features Misunderstood API methods Misunderstood invariants when code is modified during maintenance Garden variety mistakes: typos, use [...]

Continue Reading


09 October 2006 | 12,736 views

Inprotect 0.22.5 Released – Web Interface for Nessus & Nmap

A new revision of Inprotect has just been released, 0.22.5 in order to fix bugs and implement feature requests submitted by the development team and users. Existing users are recommended to upgrade. Inprotect is a web interface for Nessus and Nmap security scanners, released under GNU/GPL license. This version has the following enhancements: Improved and [...]

Continue Reading


03 October 2006 | 7,629 views

Browzar is Bullshit

Not sure if any of you heard of this new super secure ultra cool web browser called Browzar? There was a bit of a backlash as it turned out Browzar was just another custom wrapper for Internet Exploder. Security experts are crying foul over a new supposedly secure browser application. Browzar is promoted as an [...]

Continue Reading


01 October 2006 | 16,175 views

BeEF – Browser Exploitation Framework

There’s been a lot of nice Web relevant testing and hacking tools coming out lately, I’ve gotten quite a collection to post about, so do try them out and let me know what you think. BeEF is the browser exploitation framework. Its purposes in life is to provide an easily integratable framework to demonstrate the [...]

Continue Reading


28 September 2006 | 9,445 views

Security Compass Web Application Analysis Tool – SWAAT

Announcing a new web application source code analysis tool called the Securitycompass Web Application Analysis Tool or SWAAT. You may know it as a static analysis tool. Currently in its beta release, this .Net command-line tool searches through source code for potential vulnerabilities in the following languages: Java and JSP ASP.Net PHP Using xml-based signature [...]

Continue Reading