Blog Posts Tagged with "Scanners"

Securing Your Application Perimeter: What to Test for Vulnerabilities

September 05, 2012 Added by: Fergal Glynn

When dynamic scanning engines were first designed, they were primarily tools for penetration testers to use on a few select web applications deemed critical enough to warrant serious testing. But times have changed: every Internet-facing application is now a potential attack surface...

Comments  (0)

Visualize Wi-Fi Networks Using Vistumbler and Google Earth

July 30, 2012 Added by: Dale Rapp

Vistumbler is an excellent free tool that scans for nearby wireless networks within range of your Wi-Fi adapter. Once Vistumbler finds a wireless network, it will display the network's SSID, signal strength, encryption being used, MAC address, the network's channel, access point manufacturer, and much more...

Comments  (4)

Broken Logic: Avoiding the Test Site Fallacy

July 25, 2012 Added by: Fergal Glynn

Dynamic Application Security Testing (DAST) tool vendors demonstrate their tools by allowing prospects to scan test sites so they can see how the scanner works and the reports generated. We should not gauge the effectiveness of a scanner by only looking at the results from scanning these public test sites...

Comments  (1)

A Step-by-Step Guide for Choosing the Best Scanner

July 16, 2012 Added by: Shay Chen

There hasn't been any independent methodology for evaluating web application vulnerability scanners in a while. The following is a comprehensive guide for choosing the best scanner based on conclusions from the 2012 benchmark study - a comparison of 10 crucial aspects of 60 web application vulnerability scanners...

Comments  (0)

The Perils Of Automation In Vulnerability Assessment

June 25, 2012 Added by: Ian Tibble

“Run a scanner by it” still appears in so many articles – it's still very much part of the furniture. Software suites are built on the use of automated unauthenticated scanning – in some cases taking an open source scanning engine, wrapping a nice GUI around it, and slapping a 25K USD price tag on it...

Comments  (5)

OWASP Releases Zed Attack Proxy (ZAP) 1.4.0

April 09, 2012 Added by: Headlines

"The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications... ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually..."

Comments  (0)

A Scanning Tool or a Tool Scanning?

March 26, 2012 Added by: Infosec Island Admin

What is worrying is that the scanner online at amihackerproof.com has no restrictions on it as to who it may scan, just put in an IP or domain name and click to hit some systems using this site. That’s right Mark Zuckerberg, you now can see if facebook.com is easily pwn-able...

Comments  (0)

The Role of Penetration Testing in the Infosec Strategy

March 26, 2012 Added by: Ian Tibble

For all intents and purposes, penetration testing had become such a low quality affair that clients stopped paying for it unless they were driven by regulations to perform periodic tests of their perimeter "by an independent third party"...

Comments  (2)

Out With the New, In With the Old: OS Security Revisited

March 06, 2012 Added by: Ian Tibble

Operating System Security is radically under-appreciated, and this has been the case since the big bang of security practices in the mid-90s. OS security, along with application security, is the front line in the battle against hackers, but this has not been widely realized...

Comments  (0)

GFI WebMonitor Internet and Web Security Review

February 09, 2012 Added by: Dan Dieterle

Looking for a program that monitors internet use, allows granular control over sites and services they can access, coupled with comprehensive web security and threat detection that includes scanning with three Anti-Virus engines? Look no further...

Comments  (0)

System Compromise: What the Heck is a FeeLCoMz String?

February 03, 2012 Added by: Brent Huston

If you find those strings, they usually indicate other PHP scanners, worms or attack tools have compromised the system. Now, if you don’t find those, it does NOT mean the system is safe, the list of all of those relevant strings would be too large and dynamic to manage...

Comments  (0)

Four Reasons to Use a Vulnerability Scanner

February 01, 2012 Added by: Dan Dieterle

A vulnerability scanner is a tool that can automatically scan your network and the systems connected to it, examining each one for vulnerabilities that could be exploited. Malicious users frequently use scanners to hunt for ways to compromise your systems...

Comments  (0)

More Exposure to SCADA Devices Through Shodan

January 22, 2012 Added by: Bob Radvanovsky

While I am certain that the majority of this membership knows what Shodan is, honestly, it represents slightly more than an automated port scanner reporting back on some of the more common open ports (HTTP, SNMP, telnet) that appear to be pingable throughout the Internet...

Comments  (3)

Windows Phone Application Analyzer v1.0 Released

January 20, 2012 Added by: Security Ninja

I developed and would like to introduce the Windows Phone App Analyzer. The Windows Phone App Analyzer is similar to the static analysis tab in Agnitio. If you browse to any C# .cs files and click scan, you will see the keyword highlighting that you might be familiar with from Agnitio...

Comments  (0)

On Vulnerability Assessments and Penetration Tests

January 10, 2012 Added by: Drayton Graham

Simply put, a Vulnerability Assessment is a piece of code that will identify and report on known vulnerabilities, but a scanner will likely run into false positives. A Penetration Test goes a step further in that a human exploits vulnerabilities, but false positives do not exist...

Comments  (0)

Vulnerability Response Done Right

January 09, 2012 Added by: Fergal Glynn

Just before the holidays, we detected a cross-site scripting (XSS) vulnerability while running a web application scan for one of our customers. As it turned out, the discussion forum where we found the XSS was a SaaS-based product called Lithium...

Comments  (0)
