Penetration Testing mailing list archives
Security Tools Watch Newsletter - June 2010
From: "SD List" <list () security-database com>
Date: Wed, 30 Jun 2010 18:28:55 +0200 (CEST)
Security Tools Watch Newsletter - June 2010 Get the latest news from http://www.twitter.com/toolswatch or Subscribe to Security Tools Watch Group at Linkedin http://www.linkedin.com/groups?gid=68780&trk=myg_ugrp_ovr Here is a round-up about the latest tools, software and news about security IT. Security News Collection of Wireless Security Checklist http://iase.disa.mil/stigs/content_pages/wireless_security.html CloudShark brings your network capture files to the web http://www.cloudshark.org/ BackTrack, Present and Future http://www.backtrack-linux.org/backtrack/backtrack-present-and-future/ ⁃ BackTrack 5 and Exploit-DB Updates http://www.offensive-security.com/offsec/backtrack-5-exploit-db-updates/ 2010 CWE/SANS Top 25 Most Dangerous Programming Errors v1.04 released http://cwe.mitre.org/top25/archive/2010/2010_cwe_sans_top25.pdf ⁃ CWE Version 1.9 Now Available http://cwe.mitre.org/data/index.html ⁃ CWE-79 Cross Site Scripting is now called "Improper Neutralization of Input During Web Page Generation" ⁃ CWE-89 SQL Injection now called "Improper Neutralization of Special Elements used in an SQL Command" ⁃ CWE-78 OS Command Injection now called "Improper Neutralization of Special Elements used in an OS Command" NIST 800-53A Revision 1 released http://csrc.nist.gov/publications/nistpubs/800-53A-rev1/sp800-53A-rev1-final.pdf Rootkit Analytics The New Look http://www.rootkitanalytics.com/ (the guys behind StreamArmor) The new release of Sipvicious highly used for hacking attempts specially from Japan and Russian Fed http://atlas.arbor.net/attacks/2008578 Hakin9 Security VoIP Issue released http://hakin9.org/magazine/1255-securing-voip Decrypt a Cisco VPN Password http://coreygilmore.com/projects/decrypt-cisco-vpn-password/ Tools News pvefindaddr v1.34 released http://www.corelan.be:8800/index.php/security/pvefindaddr-py-immunity-debugger-pycommand/ Focus on Fierce Domain Scan version 2.0 http://trac.assembla.com/fierce Scan IP with http://www.ipvoid.com/ a part of http://www.novirusthanks.org/ project Websecurify Security Testing Runtime v0.6 released http://code.google.com/p/websecurify/ Safe3 SQL Injector v6.2 released http://sourceforge.net/projects/safe3si/ The Dude network monitor v4.0beta1 released http://www.mikrotik.com/thedude.php SkipFish 1.44b here http://code.google.com/p/skipfish/downloads/list Suricata 0.9.2 RC3 Released http://www.openinfosecfoundation.org/ Development - Wireshark 1.4.0rc1 - http://www.wireshark.org/download.html THC IPV6 attack toolkit v1.1 released http://freeworld.thc.org/thc-ipv6/ SSL Labs assessment engine v1.0.59 improvements (ex- ssllabs acquired by Qualys) https://www.ssllabs.com L0phtCrack v6.0.8 released http://www.l0phtcrack.com/download.html Burp Suite Professional v1.3.06 released http://releases.portswigger.net/2010/06/v1306.html WeakNet Linux Release 4.1k Now Available http://weaknetlabs.com/main/?p=424 Andiparos v1.0 fork of Paros Proxy released http://code.google.com/p/andiparos/ Shadowcircle is a Free Linux live Pentesting Distribution v2.0 announced http://www.shadowcircle.org/ OWASP JBroFuzz v2.3 released http://www.owasp.org/index.php/Category:OWASP_JBroFuzz Cain & Abel 4.9.36 Released http://www.oxid.it/ OpenFISMA Release 2.7 available http://openfisma.org/content/openfisma-release-27 Get your sipvicious v0.2.6 copy from SVN http://code.google.com/p/sipvicious/wiki/ChangeLog Spiceworks release 4.7.52439 Now Available http://download.spiceworks.com/Spiceworks.exe SAINT Vulnerability Scanner release v7.4.2 available http://www.saintcorporation.com/ Adhearsion, a Ruby framework for creating telephone applications, releases version 0.8.4 http://adhearsion.com/ Netsparker Community Edition - Free Web Application Security Scanner 1.5.0.0 Released! - http://www.mavitunasecurity.com/communityedition/ NeoPwn the First Pentesting Mobile Environment Beta Release http://www.neopwn.com/ ThreatFactor Realtime Website Auditing updated to v0.9.1 http://threatfactor.com/ Xplico Network Forensic Analysis Tool v0.5.8 released http://www.xplico.org/ WhatWeb v0.4.4 released ... WhatWeb has now 160 plugins http://www.morningstarsecurity.com/research/whatweb Nabil OUCHN ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Security Tools Watch Newsletter - June 2010 SD List (Jun 30)