[ad] Finally Microsoft is doing something proactive and perhaps even slightly ahead of the game, a real game-change for the security community. They have released a new AND open-source tool to make debugging easier, it gives developers a lot of help during the release cycle to build more secure software. Mostly because it takes the […]
Countermeasures
DShield Web Honeypot Project – Alpha Version Released
[ad] For those of you who are not familiar with DShield (where have you been? under a rock?) it’s a Cooperative Network Security Community. Basically what that means is they collect firewall logs and map out the trends. Like when there was a worm going around that bruteforced SSH2 you could see a spike in […]
FlowMatrix – Free Network Behavior Analysis System
[ad] FlowMatrix is Network Anomaly Detection and Network Behavioral Analysis (NBA) System, which in fully automatic mode constantly monitors your network using NetFlow records from your routers and other network devices in order to identify relevant anomalous security and network events. In addition, the new release of FlowMatrix, (ver.0.9.62 and later) supports Network Applications Behavior […]
Independent Web Vulnerability Scanner Comparison – Acunetix WVS, IBM Rational AppScan & HP WebInspect
[ad] I saw a relevant paper published today by an individual that claims the comparison was ordered by a penetration testing company (a company which remains unnamed). The vendors were not contacted during or after the evaluation. Testing Procedure The author tested 13 web applications (some of them containing a lot of vulnerabilities), 3 demo […]
OWASP (Open Web Application Security Project) Testing Guide v3 Released
[ad] This project’s goal is to create a “best practices” web application penetration testing framework which users can implement in their own organizations and a “low level” web application penetration testing guide that describes how to find certain issues. Version 3 of the Testing Guide was released in last month in December 2008, the project […]