Dan Griffin's Blog
Comments on security, PKI, smart cards, cryptography, and entrepreneurship.
Yet More Security Tools Lists
January 7, 2007
The "First 2007 Unannotated, Unordered List of Fuzzing Tools Lists":
- http://www.heise-security.co.uk/tools/
- http://www.scadasec.net/secwiki/FuzzingTools
- http://www.hacksafe.com.au/blog/2006/08/21/fuzz-testing-tools-and-techniques/
- http://www.secguru.com/tag/fuzzer
- http://www.packetstormsecurity.org/fuzzer/
- http://www.infosecinstitute.com/blog/2005/12/fuzzers-ultimate-list.html
The "First 2007 Minimally-Annotated, Unordered List of Security Tools Lists":
- http://packetstormsecurity.org/tools100.html
- http://packetstormsecurity.org/Win/indexdate.html
- http://secureitalliance.org/Directory.aspx
- http://iase.disa.mil/stigs/SRR/index.html
- http://www.cve.mitre.org/compatible/product.html - long list, but sorted by the dubious criteria of CVE Compatibility Status.
- http://samate.nist.gov/index.php/Network_Scanners
And, finally, deserving special mention, is HD Moore’s slide deck on ASP.NET security - http://www.metasploit.com/confs/bluehat2006/bluehat3-aspnet.pdf. Of interest in the context of this post is slide 17, which lists, among a variety of tools:
- OWASP - http://www.owasp.org/index.php/Main_Page - seems to have lots of momentum as the primary braintrust for tools and research on web application security
- SPI Dynamics - http://www.spidynamics.com/ - a Seattle area company. I recently spoke with one of their reps. They do cool stuff, such as simulating execution of AJAX payloads to detect risky code injection, and allowing segmentation of network scanning and reporting rights, so that your London-based IT guys can’t use the tool to compromise your New York site and vice-versa.
Permalink |
No Comments »
No comments yet.
RSS feed for comments on this post. TrackBack URL
