Penetration Testing mailing list archives
Tools Update - first week of november 2009
From: "SD List" <list () security-database com>
Date: Sat, 7 Nov 2009 21:55:36 +0100 (CET)
Hello Here is the site's newsletter "Security Database Tools Watch" (http://www.security-database.com/toolswatch). This letter summarizes the articles and news items published since 7 days. New articles -------------------------- ** Security-Database new updates (Saint Exploit mapping feature) ** by Tools Tracker Team - 6 November 2009 Security-database team is very happy to announce news changes and one great feature to its SD Vulnerability Cross Linker. New Feature : Vulnerability Dashboard is now linking to SAINT Corporation Exploits. When available, the CVE comes now with CVSS, CPE, CWE, OVAL and Saint ID. Here is an example for CVE-2009-3023. The mapping works also with vendors entries (MS, Gentoo, Sun...). Major changes : As an effort to be compliant with the latest CWE (Common Weakness Enumeration) (...) -> http://www.security-database.com/toolswatch/Security-Database-new-updates.html ** RIP str0ke (milw0rm) ... appears to be a Hoax ** by Tools Tracker Team - 4 November 2009 Updated : Followers has just received a tweet from str0kes twitter. @str0ke: Im not dead yet, just being trolled. This means someone has hacked into Edwards profile and spread a fake and loosy hoax. After all, we are very happy to see him up and running. News about his "fake" death: Security-Database must notify a sad information. Lamentably a great friend and companion have passed away, early this morning. str0ke (1974-04-29 - 2009-11-03) from Milw0rm, the bad news arrived and surprises (...) -> http://www.security-database.com/toolswatch/RIP-str0ke-milw0rm.html ** Graudit v1.3 released ** by ToolsTracker - 3 November 2009 Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible. Version 1.3 Some signatures addes to existing databases Signature improvements to existing databases Added JSP ruleset Added ASP ruleset Improved testing USAGE Graudit supports several (...) -> http://www.security-database.com/toolswatch/Graudit-v1-3-released.html ** UCSniff v3.0 Released ** by ToolsTracker - 3 November 2009 UCSniff is a VoIP & IP Video Security Assessment tool that integrates existing open source software into several useful features, allowing VoIP and IP Video owners and security professionals to rapidly test for the threat of unauthorized VoIP and Video Eavesdropping. Written in C/C++, and available on Linux and Windows, the software is free and available for anyone to download, under the GPLv3 license. Version 3.0 Real time VoIP and Video monitoring. [as presented at ToorCon 11, San (...) -> http://www.security-database.com/toolswatch/UCSniff-v3-Released.html New news items -------------------------- * Security-Database new updates (Saint Exploit mapping feature) * - 6 November 2009 Security-database team is very happy to announce news changes and one great feature to its SD Vulnerability Cross Linker. New Feature : Vulnerability Dashboard is now linking to SAINT Corporation Exploits. When available, the CVE comes now with CVSS, CPE, CWE, OVAL and Saint ID. Here is an (...) -> http://www.security-database.com/toolswatch/+Security-Database-new-updates+.html * RIP str0ke (milw0rm) ... appears to be a Hoax * - 4 November 2009 Updated : Followers has just received a tweet from str0ke's twitter. @str0ke: I'm not dead yet, just being trolled. This means someone has hacked into Edward's profile and spread a fake and loosy hoax. After all, we are very happy to see him up and running. Hope to see you for years to come. (...) -> http://www.security-database.com/toolswatch/+RIP-str0ke-milw0rm+.html Kind Regards Nabil OUCHN CEO & Founder www.security-database.com ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Pen Tester Scripting infosec posts (Nov 04)
- Re: Pen Tester Scripting Robin Wood (Nov 05)
- Tools Update - first week of november 2009 SD List (Nov 09)
- Re: Pen Tester Scripting Robin Wood (Nov 05)