Rewind & Past 2009 - Security Database


Best IT Security Tools & Software: Rewind & Past 2009 (http://www.security-database.com)

The year 2009 was very intense in emotions, sadness, sorrows and conflicts. The world as we knew it, or at least as our parents did, is changing very fast and unfortunately not in the right direction. The very bad economic situation, the stinking religious conflicts, the riots and wars, the increase of radical extremists and the policy of fear that governments feed us are urging this earth to an excruciating end.

But instead of talking about politicians and the immature and childish job they are doing (spreading fear, making the wrong choices as usual, wasting taxpayers' money and time, dumping people into poverty), we'd prefer to focus on enumerating the great software and tools we've seen this year.

So, we are happy that 2009 is finally over and we expect the best for 2010.

Scoring criteria

We've conducted this new survey on the basis of some criteria (as we did two years before). Since the last survey (2007), we decided to add these new criteria:
- Community support
- Documentation
- Popularity (Twitter followers)

Criteria and comments:
- Audience: each tool has its target audience.
- Community Support: the tool has a community version with support and the appropriate documentation.
- Documentation: all documentation is easy to read and to understand and at least written in English. Wiki, blogs and other collaborative support are a must.
- Features: built-in and plug-in functionalities, capabilities, use of APIs, interoperability with other systems.
- Maintenance: frequency of bug fixing, generating new releases, nightly builds, beta testing.
- Popularity: the popularity of the tool among the community; Twitter followers; average of visits and downloads based on our statistics for the year 2009.
- Reporting: support of charts, dashboard, exporting to multiple formats (HTML, XML, PDF).
- Standards, Metrics & Open Standards: the ability of the tool to map findings to compliance, standards and open standards, or to score vulnerabilities / risks with metrics. Standards and metrics could be: CVE, CVSS, CWE, CPE, CCE, OVAL, SCAP, CAPEC, ISO 2700x, NIST, PCI DSS.
- Updates: frequency of updates: adding new features, new plug-ins, updating the vulnerability database, updating techniques.

Hacking (columns in the original table: Winner, Excellent, Recommended (Promising); entries are listed in the original order, and rows marked "ex æquo" are ties)
- Information Gathering, Network Scanners and Discovery (ex æquo): Nmap v5, Netifera, Angry IP Scanner, AutoScan
- Vulnerability Scanners (ex æquo): Nessus, OpenVAS, NeXpose
- Application Scanners: W3AF, Samurai WTF, Nikto
- Exploitation Frameworks: Metasploit v3, DB Exploit Website
- Wireless Hacking: OSWA, AirCrack suite, AiroScript-NG
- Live CDs: BackTrack 4, Katana, Matriux

Security Assessment (same columns)
- Windows Auditing: OVAL interpreter, Nessus Local Plug-ins, Sysinternals tools
- Unix Auditing: Lynis, CIS Scoring, OpenSCAP
- Firewall & Filtering Devices: None, None, None
- Application Assessment: BurpSuite, WebSecurify, CAT The manual web application

Security Assessment, continued (columns: Winner, Excellent, Recommended (Promising); rows marked "ex æquo" are ties)
- Wireless Auditing (ex æquo): OSWA, Kismet, Inssider, Kismac
- Forensics (ex æquo): CAINE, Mobius / Process Hacker, Netwitness Free Edition
- Datamining / Logs Management: Splunk community release, Dradis
- IT Management: SpiceWorks, Paglo IT
- Code Analysis: Rats, Graudit, MS CAT.net
- Password Analysis (ex æquo): Cain & Abel, John The Ripper, OphCrack
- Database Auditing: Db Audit Free edition (the remaining cells of this row and the next, marked ex æquo, were extracted out of position: Pangolin, SQL Map, WarVox, Wapiti)
- VoIP / Telephony Auditing: VAST Viper

Commercial software (columns: Winner, Excellent, Recommended (Promising); rows marked "ex æquo" are ties)
- Vulnerability Management (ex æquo): Tenable Nessus ProFeed, WebSaint / NeXpose Enterprise
- Application Security Assessment (ex æquo): Acunetix / N-stalker, IBM AppScan, Netsparker
- Patch Management: GFI Languard, NSS, Lumension EndPoint
- Penetration Testing and Exploitation: Core Impact, Saint Exploit

Tool links, as recovered from the original link table (truncated names and links are shown with a leading ellipsis; a name without a link means the link did not survive extraction)
- …ra.com
- AutoScan: http://autoscan-network.com
- Angry IP Scanner
- Metasploit: http://www.metasploit.org
- Samurai WTF
- Nikto: …net/nikto2
- DB Exploit Website
- OSWA: …tshere.org/page-training-oswa.htm
- AirCrack-NG / AiroScript: …/airoscript.aircrack-ng.org
- BackTrack: …x.com
- OVAL Interpreter: http://oval.mitre.org
- Sysinternals
- …s: http://www.rootkit.nl

- CIS Scoring
- WebSecurify: http://www.websecurify.com
- CAT The Manual Web Application
- CAINE: …://www.caine-live.net
- Mobius Forensics
- Netwitness Free Edition: http://www.netwitness.com
- Splunk
- …ramework.org
- Spiceworks Community: http://www.spiceworks.com
- Paglo
- …t: http://www.justanotherhacker.com
- OWASP Code Crawler: http://www.owasp.org
- Cain & Abel
- …ceforge.net
- John the Ripper: http://www.openwall.com/john
- DB Audit Free Edition
- …ww.nosec.org

- SQL Map
- …i.sourceforge.net
- VAST
- …warvox.org

Commercial software links
- Tenable Nessus ProFeed: …d/
- WebSaint: http://www.saintcorporation.com
- NeXpose
- …ix.com/
- N-Stalker: http://www.nstalker.com/
- IBM AppScan: …scan/
- NetSparker: http://www.mavitunasecurity.com/
- GFI Languard: http://www.gfi.com/languard/
- Lumension EndPoint: http://www.lumension.com
- Core Impact
- SaintExploit: …://www.saintcorporation.com

Security news in brief (what's happened, with the link where it survived; truncated links are shown with a leading ellipsis)
- Returns of The L0pht Industry: …mous-l0pht-comis-up-and.html
- (headline lost) …rack-is-backwith-a-new.html
- VoIPScanner, the first VoIP scanner As A Service: …anner-com-theFirst-VoIP.html
- Rapid7 acquires Metasploit
- Nmap v5.0 released: http://nmap.org/5/
- Metasploit 3.x, the best exploitation framework: …ework-33released.html
- The attack of Conficker: …rs-and-utilitiesto-detect.html ; http://www.security-database.com/detail.php?alert CVE-2008-4250
- Sara project retired: …roject-retiredLast-release.html
- Nessus turns to web with version 4.2: …released.html
- OWASP Guide v3.0 released: http://www.owasp.org/index.php/OWASP Testing Guide v3 Table of Contents
- CWE/SANS top dangerous programming errors: …NS-Top-25Most-Dangerous.html

The idiot move: Nipper the dog is retired from … (link lost)

The smart move: Keeping Metasploit open source and even adding support of NeXpose from it: …it-331-nexpose-community.html

Security hoax: The death of Str0ke from milw0rm: http://www.security-database.com/toolswatch/RIP-str0ke-milw0rm.html

…net innovation: And the winner is France for the HADOPI law. http://en.wikipedia.org/wiki/HADOPI law ; http://www.laquadrature.net/ …nti-hadopi.html

…r project of the year: And the winner is France for the HADOPI law.
