Nessus 3 Tutorial: How to use Nessus to identify network vulnerabilities
Learn how to use Nessus, an inexpensive vulnerability scanner, with our Nessus Tutorial Guide. It not only examines the benefits of this free open source tool, but also walks you through the processes of using it in the enterprise, from installation ... SearchSecurity Technical
-
Fuzzing: Brute Force Vulnerability Discovery
In this Chapter 21 excerpt from "Fuzzing: Brute Force Vulnerability Discovery," authors Michael Sutton, Adam Greene, and Pedram Amini examine SPIKE, one of the most popular and widely used fuzzing frameworks. Book Chapter
-
Nmap Technical Manual
By now, most infosec pros have heard of Nmap, and most would agree that even though the popular freeware tool is invaluable, installing, configuring and running it in the enterprise is no easy task. With that in mind, SearchSecurity.com, in collabora... Learning Guide
-
Snort Intrusion Detection and Prevention Guide
Answers to frequently asked questions related to the open source Snort intrusion detection and prevention system. SearchSecurity Technical
-
Dangerous Samba vulnerability affects all Linux systems
The commonly used tool contains an error that can be executed remotely by attackers, giving them root access to a system. Proof-of-concept code is available, experts warn. News | 11 Apr 2012
-
Hacking tool exploits faulty AES cookie encryption implementations
Microsoft's popular Web framework, ASP.NET, fails to protect encrypted cookies that store online credentials on some popular banking and shopping websites. Article | 16 Sep 2010
-
Black Hat 2010: New Firefox tool to clean Adobe Flash file errors
Browser-based add-on, Blitzableiter, cleans SWF files prior to running on a user's computer. The tool will be released at Black Hat 2010 in Las Vegas. Article | 07 Jul 2010
-
H.D. Moore on future of Metasploit attack platform
Metasploit creator H.D. Moore says the Rapid7 acquisition strengthens development on the platform. News | 18 Nov 2009
-
H.D. Moore speaks about Metasploit Project deal, Release 3.3
The sale of the Metasploit Project, and its highly respected pen-testing platform to vulnerability management vendor Rapid7 in October signals change for yet another major open-source project to a commercial company. In a wide-ranging interview, Meta... Interview | 17 Nov 2009
-
Metasploit Project acquired by vulnerability management firm Rapid7
The popular Metasploit Framework remains a free and open source hacking tool. Creator HD Moore joins Rapid7 as CSO, Metasploit architect. Article | 21 Oct 2009
-
SSH key compromise shuts down Apache website
Attackers forced Apache to shut down its website for several hours Friday morning, using a compromised SSH key to gain access to one of its servers. Article | 28 Aug 2009
-
Free HP SWFScan tool detects Adobe Flash flaws
SWFScan analyzes Adobe Flash to identify dozens of source code errors. Article | 23 Mar 2009
-
Open source security concerns can trump cost savings
Despite tough economy, Palamida survey shows companies are hesitant to broaden open source use. Article | 29 Dec 2008
-
Free security tool helps track down bots
BotHunter, a free tool that monitors traffic flows between infected hosts and external attackers helps organizations track down infected hosts and battle botnets in their network. Article | 26 Nov 2008
-
Social engineering penetration testing: Four effective techniques
Social engineering penetration testing is now a must for enterprises. Learn about the four methods your pen tests should use. Tip
-
An inside look into OWASP’s Mantra tool
OWASP’s Mantra tool is being praised by security pros for its abundance of options and ease of use. In this screencast, Mike McLaughlin takes a look at what Mantra has to offer. Tip
-
Log Parser examples: Using the free log analysis tool
Log analysis is an essential security function for almost all enterprises, and, with Log Parser, much of it can be done for free. Learn how to use Microsoft's free Log Parser in this expert tip. Tip
-
ngrep: Learn how to find new malware with ngrep examples
In this video, Peter Giannoulis of the AcademyPro.com uses several ngrep examples to show how to find new malware that antivirus or IPS might not pick up on with this free tool. Tip
-
Video: OSSEC screenshots show how to use the free IDS
An intrusion detection system has become necessary for most enterprises, but they can be both expensive and difficult to configure. In part two of this screencast, learn how to use the free IDS OSSEC. Tip
-
How to install an OSSEC server on Linux and an OSSEC Windows agent
Learn how to install the free, host-based intrusion detection system OSSEC, with step-by-step instructions on setting up an OSSEC Linux server with an OSSEC Windows agent. Tip
-
The pros and cons of deploying OpenLDAP: Windows and Unix
Randall Gamby discusses how OpenLDAP should (or shouldn't) be used in conjunction with enterprise directory implementations. Tip
-
XSSer demo: How to use open source penetration testing tools
In this video demo, learn how to use XSSer, open source penetration testing tools for detecting various Web application flaws and exploiting cross-site scripting (XSS) vulnerabilities against applications. Tip
-
How to use NeXpose: Free enterprise vulnerability management tools
Learn how to use NeXpose Community Edition, a free collection of vulnerability management tools that offers pre-defined scan templates, and the ability to scan networks, OSes, desktops and databases. Tip
-
Role-based access control: Pros of an open source RBAC implementation
There are many advantages to an open source RBAC implementation. However, it's important to know the context in which such a product will work best. In this tip, expert Randall Gamby discusses how to determine if open source RBAC is right for you. Tip
-
Addressing HP netbook security with webOS discontinued
A company contemplates the security implications of continuing an HP netbook rollout with webOS discontinued. Answer
-
OpenStack security analysis: Pros and cons of open source cloud software
Expert Michael Cobb examines the open source cloud computing platform OpenStack and relevant OpenStack security issues. Answer
-
Debug and test Web applications using Burp Proxy
The Burp Proxy tool, part of the Burp Suite, has many useful features that test Web application security. Learn how to start using Burp Proxy. Answer
-
Valuable third-party patch deployment software, tools
Do you know some of the best third-party patch deployment tools? See expert Michael Cobb's recommendations on which tools would work best for your enterprise. Ask the Expert
-
Secure OpenVPN config with PAM
Network security expert Anand Sastry explains the relationship between OpenVPN and TLS, and points out where to learn about using OpenVPN and PAM. Ask the Expert
-
OpenOffice security: Concerns when moving from Microsoft Office
What are the major OpenOffice security concerns when transitioning from Microsoft Office? Security expert Michael Cobb explains the potential vulnerabilities between open source and commercial software. Ask the Expert
-
Is KeePass safe? Free password protection programs and enterprise IAM
The lure of free password protection programs such as KeePass can be strong, but are they really up to enterprise security standards? In this response, IAM expert Randall Gamby explains why the best password protection software might not be the cheap... Ask the Expert
-
Should open source disk-encryption software be used?
When it comes to IT security, Michael Cobb recommends encryption devices or software that provide the most effective product for the threat being mitigated. Sound simple? See if that advice includes open-source tools. Ask the Expert
-
Is there a free enterprise-caliber password-management tool?
Enterprise-caliber password-management tools can be very expensive. Learn about a few free open source password management tools that can improve IAM at your enterprise. Ask the Expert
-
What reporting tools are available for an enterprise IDS?
Modern security analysts can easily become overwhelmed by the variety and quantity of audit records. In this SearchSecurity.com Q&A, network expert Mike Chapple reveals which open-source reporting tools can make life easier. Ask the Expert
-
Open Source Hardening Project
The Open Source Hardening Project is an initiative of the United States Department of Homeland Security, created to improve the security of open source code. Because the infrastructure of the Internet, financial institutions and many other critical ... Definition
-
SnortSnarf
SnortSnarf is a program that was designed for use with Snort, a security program used mainly with Linux networks. SnortSnarf converts the data from Snort into Web pages. It was written in Perl by Jim Hoagland of Silicon Defense. Snort is an open sour... Definition
-
Blowfish
Blowfish is an encryption algorithm that can be used as a replacement for the DES or IDEA algorithms. Definition
-
Kermit
Kermit is a popular file transfer and management protocol and suite of communications software programs with advantages over existing Internet protocols such as File Transfer Protocol and Telnet. Definition
-
How to use Wireshark to detect and prevent ARP spoofing
Video: Keith Barker of CBT Nuggets demonstrates how to use Wireshark, the popular open source packet analyzer, to prevent ARP spoofing attacks. Screencast
-
pfSense tutorial: Configure pfSense as an SMB-caliber firewall
Video: Keith Barker of CBT Nuggets provides a brief pfSense tutorial. Learn how to configure pfSense, a free yet surprisingly capable firewall. Screencast
-
Screencast: Burp Suite tutorial highlights Burp Proxy, other key tools
In this screencast, Mike McLaughlin offers a short Burp Suite tutorial, including the key features of this powerful pen testing tool: Burp Proxy. Video
-
Screencast: ShareEnum eases network enumeration, network share permissions
Mike McLaughlin displays how easy network enumeration can be with ShareEnum, including the ability to quickly secure network shares and display share permissions. Screencast
-
Metasploit and software vulnerability testing
Metasploit is a free tool that can be used to pen test for new and potentially damaging vulnerabilities. In this interview, H.D. Moore, creator of Metasploit, explains how the tool works and what it can contribute to software security. Video
-
L0phtCrack returns
Security expert Chris Wysopal explains why the L0phtCrack password cracking tool was unveiled once again after Symantec discontinued sales of L0phtCrack in 2006. Video
About Open Source Security Tools and Applications
Open source security tools offer numerous benefits to enterprise security, but they can also come with their own vulnerabilities. Here you'll find news, expert advice, learning tools and white papers on Snort, Nmap, Nessus and other popular open source security tools.