background preloader

OpenVAS - OpenVAS - Open Vulnerability Assessment System

OpenVAS - OpenVAS - Open Vulnerability Assessment System
OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. Discover OpenVAS Learn what OpenVAS is and read more about the features of our solution! About OpenVAS » Reliable and Sustainable The powerful and comprehensive OpenVAS solution is available as Free Software and maintained on a daily basis.

http://www.openvas.org/

Related:  WP

Testing Your Web Application - A Quick 10 Step Guide A Quick 10-Step Guide by Krishen Kota, PMP Interested in a quick checklist for testing a web application? The following 10 steps cover the most critical items that I have found important in making sure a web application is ready to be deployed. Depending on size, complexity, and corporate policies, modify the following steps to meet your specific testing needs. Nessus From the beginning, we've worked hand-in-hand with the security community. We continuously optimize Nessus based on community feedback to make it the most accurate and comprehensive vulnerability assessment solution in the market. 20 years later and we're still laser focused on community collaboration and product innovation to provide the most accurate and complete vulnerability data - so you don't miss critical issues which could put your organization at risk. Today, Nessus is trusted by more than 27,000 organizations worldwide as one of the most widely deployed security technologies on the planet - and the gold standard for vulnerability assessment. See for yourself - explore the product here. 1 in Accuracy Nessus has the industry's lowest false positive rate with six-sigma accuracy.

ARGUS- Auditing Network Activity Welcome to Argus, the network Audit Record Generation and Utilization System. The Argus Project is focused on developing all aspects of large scale network activity audit. Argus, itself, is next-generation network flow technology, going from packets on the wire to advanced network flow data, to network forensics data; all in support of Network Operations, Performance and Security Management. If you need to know what is going on in your network, right now or historically, you will find Argus a useful tool. Argus is composed of an advanced comprehensive network flow data generator, the Argus sensor, which processes packets (either capture files or live packet data) and generates detailed network flow status reports of all the flows in the packet stream. Argus captures much of the packet dynamics and semantics of each flow, with a great deal of data reduction, so you can store, process, inspect and analyze large amounts of network data efficiently.

Nikto Web Scanner Nikto Web Scanner is a Web server scanner that tests Web servers for dangerous files/CGIs, outdated server software and other problems. It performs generic and server type specific checks. It also captures and prints any cookies received. The Nikto code itself is Open Source (GPL), however the data files it uses to drive the program are not. [1] Chris Sullo, the CFO of Open Security Foundation has written this scanner for vulnerability assessment. [2] Functions[edit] Appstats für Python - Google App Engine The Python SDK includes the Appstats library used for profiling the RPC (Remote Procedure Call) performance of your application. An App Engine RPC is a roundtrip network call between your application and an App Engine Service API. For example, all of these API calls are RPC calls:

Scanning the Internet with Nmap (Defcon 16) Tutorial Scanning The Internet With Nmap (Defcon 16) Description: How would you like to scan millions of hosts on the Internet and catalog all the interesting insights? This is exactly what Fyodor, the author of Nmap or Network Mapper did last summer. Thankfully, he then went on to share his finding with the community at Defcon 16 in his talk titled "Nmap: Scanning the Internet".

iplog iplog is a TCP/IP traffic logger. Currently, it is capable of logging TCP, UDP, and ICMP traffic. iplog is able to detect TCP port scans, TCP null scans, FIN scans, UDP and ICMP "smurf" attacks, bogus TCP flags, TCP SYN scans, TCP "Xmas" scans, ICMP ping floods, UDP scans, and IP fragment attacks. iplog is able to run in promiscuous mode and monitor traffic to all hosts on a network. iplog uses libpcap to read data from the network and can be ported to any system that supports pthreads and on which libpcap will function. Release Notes: Bugfixes and the addition of a "--pid-file" command-line argument. Release Notes: This release includes the ability to detect TCP SYN scans, and has been fixed to allow building on Solaris 8. Release Notes: Fixes for switching users and getting IDENT info. Release Notes: Lots of bugfixes, support for a configuration file, and fixes to build on lots of platforms.

Where do fields live in the database? - ACF Support Hi there, Where would the custom field groups reside in my database? We’ve wound up with a bunch of errors after changing a field type and are trying to see if we can fix them by accessing the field itself via the database, but we’re having trouble finding the field groups themselves.Help???~Laura In ACF 4 the field groups are save as a post in the post table with a post type of “acf”. Web Application Security Testing Cheat Sheet This cheat sheet provides a checklist of tasks to be performed during blackbox security testing of a web application. This checklist is intended to be used as an aide memoire for experienced pentesters and should be used in conjunction with the OWASP Testing Guide. It will be updated as the Testing Guide v4 is progressed. The intention is that this guide will be available as an XML document, with scripts that convert it into formats such as pdf, Media Wiki markup, HTML etc. This will allow it to be consumed within security tools as well as being available in a format suitable for printing. All feedback or offers of help will be appreciated - and if you have specific changes you think should be made, please log in and make suggestions.

Related:  Vulnerability Web scanner and monitoring tools