Tools Update - Third week of January 2010

["SD List" <list () security-database com>]

Hello

Here is the site's newsletter "Security Database Tools Watch"
(http://www.security-database.com/toolswatch).
This letter summarizes the articles and news items published since 7 days.


         New articles
         --------------------------


** NeXpose vulnerability checks updated - IE 0day included- **
by  Tools Tracker Team
- 22 January 2010

NeXpose is a unified vulnerability solution that scans networks to
identify the devices running on them and to probe these devices for
vulnerabilities. It analyzes the scan data and processes it for reports.
You can use these reports to help you assess your network security at
various levels of detail and remediate any vulnerabilities quickly.

The vulnerability checks in NeXpose identify security weaknesses in all
layers of a network computing environment, including operating systems,
(...)

->
http://www.security-database.com/toolswatch/NeXpose-vulnerability-updated-IE.html


** Vulnerability Manager v20100115 in the wild **
by  Tools Tracker Team
- 22 January 2010

Denim Group's Vulnerability Manager allows security teams to import and
consolidate application-level vulnerabilities, automatically generate
virtual patches, monitor attack attempts, communicate with defect tracking
systems, and evaluate team maturity. Because this is done in a centralized
system, application security managers have greatly increased visibility
into and control of these processes, and they are collecting data that can
be used to support sophisticated conversations with (...)

->
http://www.security-database.com/toolswatch/Vulnerability-Manager-v20100115-in.html


** OWASP TOP 10 2010 French version released **
by  Tools Tracker Team
- 21 January 2010

The OWASP Top Ten provides a powerful awareness document for web
application security. The OWASP Top Ten represents a broad consensus about
what the most critical web application security flaws are. Project members
include a variety of security experts from around the world who have shared
their expertise to produce this list.

OWASP French leader Sebastien Gioria has just released the French version
of the "must-have" document OWASP Top 10 2010 (rc1).

Please get your "French" copy from (...)

->
http://www.security-database.com/toolswatch/OWASP-TOP-10-2010-French-version.html


** John the ripper updated to v.1.7.4.2 **
by  Tools Tracker Team
- 21 January 2010

John the Ripper is a fast password cracker, currently available for many
flavors of Unix (11 are officially supported, not counting different
architectures), Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to
detect weak Unix passwords. Besides several crypt(3) password hash types
most commonly found on various Unix flavors, supported out of the box are
Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with
contributed patches.

Changes:

Major performance (...)

->
http://www.security-database.com/toolswatch/John-the-ripper-updated-to-v-1-7-4.html


** Nmap v5.20 released **
by  Tools Tracker Team
- 20 January 2010

Nmap ("Network Mapper") is a free open source utility for network
exploration or security auditing. It was designed to rapidly scan large
networks, although it works fine against single hosts. Nmap uses raw IP
packets in novel ways to determine what hosts are available on the network,
what services (application name and version) those hosts are offering, what
operating systems (and OS versions) they are running, what type of packet
filters/firewalls are in use, and dozens of other (...)

-> http://www.security-database.com/toolswatch/Nmap-v5-20-released.html


** NetReconn v1.75 released **
by  Tools Tracker Team
- 19 January 2010

A small set of tools based on previous reference programs and scripts.
Currently consists of: tiny network strobe, sniffer and payload decoder.

These tools are not meant to replace current tools out there; they are
designed to be small, fast and "do one thing well".

Since our last covered released:

version 1.75

Fixed a segv when host-part is used

Added the nlist wrapper

Trimmed output for pingonly scans

version 1.74

Fixed ntrace savelog for nstrobe data

Added pingonly to ntrace (-P (...)

->
http://www.security-database.com/toolswatch/NetReconn-v1-75-released.html


** Browser Fuzzer v3 released **
by  Tools Tracker Team
- 19 January 2010

Browser Fuzzer 3 (bf3) is a comprehensive web browser fuzzer that fuzzes
CSS, DOM, HTML and JavaScript.

Browser Fuzzer 3 is designed as a hybrid framework/standalone fuzzer; the
modules it uses are extendable but also highly integrated into the core.
bf3 can be used via command line to set all necessary flags for each
fuzzing operation. After initialization, bf3 creates test cases in a
numbered system. Fuzzing is automated through the browser using the refresh
method. If error is detected, (...)

->
http://www.security-database.com/toolswatch/Browser-Fuzzer-v3-released.html


** (Info) SQLmap v0.8 stable soon to be released **
by  Tools Tracker Team
- 19 January 2010

SQLmap is an automatic SQL injection tool entirely developed in Python. It
is capable to perform an extensive database management system back-end
fingerprint, retrieve remote DBMS databases, usernames, tables, columns,
enumerate entire DBMS, read system files and much more taking advantage of
web application programming security flaws that lead to SQL injection
vulnerabilities.

->
http://www.security-database.com/toolswatch/Info-SQLmap-v0-8-stable-soon-to-be.html

Regards

Nabil OUCHN
CEO & Founder
Security-Database
France

Maximiliano Soler
ToolsWatch Leader
Security-Database
Argentina






------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------