Aug 232008
 


OpenVAS, Open Vulnerability Assessment Server is a free opensource  vulnerability assessment software released under GNU GPL lincese. OpenVAS is a fork of Nessus Vulnerability assessment software. Similar to the Plugin sets in Nessus, OpenVAS provides free Network Vulnerability Tests plugins that can be updated regularly.

Continue reading »

Aug 222008
 


The Nessus vulnerability scanner, is the world-leader in active scanners, featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks. Nessus can also be used for ad-hoc scanning, daily scans, and quick-response audits.

Continue reading »

Jul 102008
 


Ratproxy is an opensource semi-automated, largely passive web application security audit tool from the search giant Google. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.

Continue reading »

Jul 102008
 


OWASP WebScarab is a framework for analysing HTTP and HTTPS applications. Written in Java, WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab.

Continue reading »

Jul 092008
 


TrueCrypt is a free opensource software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta data, etc).

Continue reading »