Top 5 Web Security Tools

Web applications are everywhere in our Internet era. Of all applications, web servers suffer the most security attacks. I believe that having a routine schedule for testing the web servers and web applications for security weaknesses is an essential step to protect the security of the whole organization.

I suggest the following Web Vulnerability scanners for Ethical Security Testing of your Web servers or web applications accordingly.

  1. Nikto
     Nikto is an excellent tool for web testing. It is Open Source (Free) and runs on Linux and other Unix variants. It checks your web server for over 3500 potentially dangerous CGIs and files, versions on over 900 servers, and version-specific problems on over 250 servers. The tool has an automatic update feature which downloads the latest plugins. The latest version at the time of writing is 2.03. It also works on Windows as Wikto.

  2. Paros Proxy
     Because Paros is Java based, it works across platforms and supports many operating systems. It just requires Java JRE/JDK 1.4.2 or above. It is also free. When you enable Paros on your computer, it starts a local web proxy server to which you point your browser. Paros Proxy then intercepts all HTTP traffic between your browser and the web server so that you can view and edit HTTP messages on the fly. It includes a web spider and a scanner for common web application attacks.

  3. WebScarab
     WebScarab is designed to be a tool for a security specialist to identify vulnerabilities in the way that the application has been designed or implemented, and it also allows web developers to debug HTTP problems. In its simplest form, WebScarab works as an intercepting proxy (similar to Paros), allowing the user to modify and edit web requests and messages between a web browser and server.

  4. HP WebInspect
     Formerly a tool from SPI Dynamics, now acquired by HP. It is a commercial and powerful tool for web application scanning. HP WebInspect performs web application security testing and assessment for today’s complex web applications, built on emerging Web 2.0 technologies. It can also check that a web server is configured properly, and attempts common web attacks such as parameter injection, cross-site scripting, directory traversal, and more.

  5. Whisker
     Another great open source and free tool for CGI vulnerability scanning.

     

10 Free Downloads for your Network

I was reading an interesting article the other day on computerworld.com and thought about sharing it with you guys. It basically suggests 10 free software tools that you can download to make your network easier to use, troubleshoot and maintain. These freebies will help everyone from networking pros to networking newbies and everyone in between.

Although there is plenty of free network software out there, the article concentrates on the lesser-known tools, which can nevertheless be very useful for keeping your network secure; creating a quick, navigable network map; scanning networks and putting together a list of all connected devices; checking to see if your servers are up and running; even designing networks and more.

I will just list the free software tools below and you can just check them out for a description on their website:

  1. Network Magic (www.networkmagic.com)
  2. Spiceworks IT Desktop (www.spiceworks.com)
  3. NetLimiter Monitor (www.netlimiter.com)
  4. Network Notepad (www.networknotepad.com)
  5. Advanced Net Tools (www.dreamsyssoft.com/advanced-net-tools)
  6. Advanced IP Scanner (www.radmin.com/products/utilities/ipscanner.php)
  7. DreamSys Server Monitor (www.dreamsyssoft.com/servmon.php)
  8. Technitium MAC Address Changer (www.technitium.com)
  9. NetBrute Scanner (www.rawlogic.com)
  10. RogueScanner (www.paglo.com/opensource/roguescanner)

Top 10 Freeware Network Security Tools

1. Nessus

Nessus is a network vulnerability scanner based on a client-server model. It features high-speed discovery, configuration auditing, asset profiling, and vulnerability analysis of your network and systems. It is constantly updated, with more than 11,000 plugins for the free version. Every audit in Nessus is coded as a plugin: a simple program which checks for a given flaw. Plugins can be enabled or disabled depending on the kind of vulnerability analysis required for the specific network. Nessus works on Windows, Linux, OpenBSD, FreeBSD and other Unix flavors.

2. Snort

Arguably one of the best network intrusion detection and prevention systems (IDS) is the free and open source Snort toolkit. Through protocol analysis, content searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior. Snort works on many operating systems, including Windows, Linux, Solaris, FreeBSD etc. Snort utilizes a rule-based language that combines the benefits of signature inspection, protocol inspection, and anomaly-based inspection. You can configure Snort to run in a few different modes such as Sniffer mode, Packet Logger mode, and Network Intrusion Detection (NIDS) mode.

Top 5 Freeware Tools for Network Admins

1. PuTTY for SSH Access

PuTTY is a Secure Shell (SSH) client that runs on Windows. You can use PuTTY to access remote network devices (routers, switches, firewalls, Unix servers, etc.) using the secure SSH protocol. With an increased emphasis on security, most network devices can now be remotely accessed via SSH. PuTTY supports SSH versions 1 and 2 along with Data Encryption Standard (DES), Triple DES (3DES), and Advanced Encryption Standard (AES). With a single click of a button, you can also log a session for later review. PuTTY also supports Telnet.

2. PumpKIN TFTP Server

Most network devices use the Trivial File Transfer Protocol (TFTP) as the primary way to transfer system image files or configuration files, so a simple, stable TFTP server is an essential part of a network administrator's toolkit. PumpKIN TFTP server provides a simple, easy-to-use GUI and runs on all versions of Windows. PumpKIN also plays .wav files to provide audio alerts indicating the state of a TFTP transfer, a feature that is very handy for multitasking network administrators.