Blog Posts Tagged with "Scanners"
Securing Your Application Perimeter: What to Test for Vulnerabilities
September 05, 2012 Added by:Fergal Glynn
When dynamic scanning engines were first designed, they were primarily tools for penetration testers to use on a few select web applications deemed critical enough to warrant serious testing. But times have changed; every Internet-facing application is now a potential attack surface...
Comments (0)
Visualize Wi-Fi Networks Using Vistumbler and Google Earth
July 30, 2012 Added by:Dale Rapp
Vistumbler is an excellent free tool that scans for nearby wireless networks within range of your Wi-Fi adapter. Once Vistumbler finds a wireless network, it will display the network's SSID, signal strength, encryption being used, MAC address, the network's channel, access point manufacturer, and much more...
Comments (4)
Broken Logic: Avoiding the Test Site Fallacy
July 25, 2012 Added by:Fergal Glynn
Dynamic Application Security Testing (DAST) tool vendors demonstrate their tools by allowing prospects to scan test sites so they can see how the scanner works and the reports generated. We should not gauge the effectiveness of a scanner by only looking at the results from scanning these public test sites...
Comments (1)
A Step-by-Step Guide for Choosing the Best Scanner
July 16, 2012 Added by:Shay Chen
There hasn't been any independent methodology for evaluating web application vulnerability scanners in a while. The following is a comprehensive guide for choosing the best scanner based on conclusions from the 2012 benchmark study - a comparison of 10 crucial aspects of 60 web application vulnerability scanners...
Comments (0)
The Perils Of Automation In Vulnerability Assessment
June 25, 2012 Added by:Ian Tibble
“Run a scanner by it” still appears in so many articles – it's still very much part of the furniture. Software suites are built on the use of automated unauthenticated scanning – in some cases taking an open source scanning engine, wrapping a nice GUI around it, and slapping a 25K USD price tag on it...
Comments (5)
OWASP Releases Zed Attack Proxy (ZAP) 1.4.0
April 09, 2012 Added by:Headlines
"The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications... ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually..."
Comments (0)
A Scanning Tool or a Tool Scanning?
March 26, 2012 Added by:Infosec Island Admin
What is worrying is that the scanner online at amihackerproof.com has no restrictions on it as to who it may scan, just put in an IP or domain name and click to hit some systems using this site. That’s right Mark Zuckerberg, you now can see if facebook.com is easily pwn-able...
Comments (0)
The Role of Penetration Testing in the Infosec Strategy
March 26, 2012 Added by:Ian Tibble
For all intents and purposes, penetration testing had become such a low quality affair that clients stopped paying for it unless they were driven by regulations to perform periodic tests of their perimeter "by an independent third party"...
Comments (2)
Out With the New, In With the Old: OS Security Revisited
March 06, 2012 Added by:Ian Tibble
Operating System Security is radically under-appreciated, and this has been the case since the big bang of security practices in the mid-90s. OS security, along with application security, is the front line in the battle against hackers, but this has not been widely realized...
Comments (0)
GFI WebMonitor Internet and Web Security Review
February 09, 2012 Added by:Dan Dieterle
Looking for a program that monitors internet use, allows granular control over sites and services they can access, coupled with comprehensive web security and threat detection that includes scanning with three Anti-Virus engines? Look no further...
Comments (0)
System Compromise: What the Heck is a FeeLCoMz String?
February 03, 2012 Added by:Brent Huston
If you find those strings, they usually indicate other PHP scanners, worms or attack tools have compromised the system. Now, if you don’t find those, it does NOT mean the system is safe, the list of all of those relevant strings would be too large and dynamic to manage...
Comments (0)
Four Reasons to Use a Vulnerability Scanner
February 01, 2012 Added by:Dan Dieterle
A vulnerability scanner is a tool that can automatically scan your network and the systems connected to it, examining each one for vulnerabilities that could be exploited. Malicious users frequently use scanners to hunt for ways to compromise your systems...
Comments (0)
More Exposure to SCADA Devices Through Shodan
January 22, 2012 Added by:Bob Radvanovsky
While I am certain that the majority of this membership knows what Shodan is, honestly, it represents slightly more than an automated port scanner reporting back on some of the more common open ports (HTTP, SNMP, telnet) that appear to be pingable throughout the Internet...
Comments (3)
Windows Phone Application Analyzer v1.0 Released
January 20, 2012 Added by:Security Ninja
I developed and would like to introduce the Windows Phone App Analyzer. The Windows Phone App Analyzer is similar to the static analysis tab in Agnitio. If you browse to any C# .cs files and click scan, you will see the keyword highlighting that you might be familiar with from Agnitio...
Comments (0)
On Vulnerability Assessments and Penetration Tests
January 10, 2012 Added by:Drayton Graham
Simply put, a Vulnerability Assessment is a piece of code that will identify and report on known vulnerabilities, but a scanner will likely run into false positives. A Penetration Test goes a step further in that a human exploits vulnerabilities, but false positives do not exist...
Comments (0)
Vulnerability Response Done Right
January 09, 2012 Added by:Fergal Glynn
Just before the holidays, we detected a cross-site scripting (XSS) vulnerability while running a web application scan for one of our customers. As it turned out, the discussion forum where we found the XSS was a SaaS-based product called Lithium...
Comments (0)