NIST announces the release of Draft Special Publication 800-137 (initial public draft), Information Security Continuous Monitoring for Federal Information Systems and Organizations.
The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider
NIST is pleased to announce the release of Special Publication 800-132. Recommendation for Password-Based Key Derivation Part 1: Storage Applications. This Recommendation specifies techniques for the derivation of master keys from passwords or passphrases to protect stored electronic data or data protection keys.
Source: Blog Rapid7
The Metasploit Framework and the commercial Metasploit products have always provided features for assessing the security of network devices. With the latest release, we took this a step further and focused on accelerating the penetration testing process for Cisco IOS devices.
17
Dec
ProcDump v3.01 released
ProcDump is a command-line utility whose primary purpose is monitoring an application for CPU spikes and generating crash dumps during a spike that an administrator or developer can use to determine the cause of the spike
Honggfuzz is a general-purpose fuzzing tool. Given a starting corpus of test files, Hongfuzz supplies and modifies input to a test program and utilize the ptrace() API/POSIX signal interface to detect and log crashes.
BeEF, the Browser Exploitation Framework is a professional security tool provided for lawful research and testing purposes. It allows the experienced penetration tester or system administrator additional attack vectors when assessing the posture of a target. The user of BeEF will control which browser will launch which command module and at which target
The OWASP AntiSamy project is a few things. Technically, it is an API for ensuring user-supplied HTML/CSS is in compliance within an application's rules. Another way of saying that could be: It's an API that helps you make sure that clients don't supply malicious cargo code in the HTML they supply for their profile, comments, etc., that get persisted on the server. The term "malicious code" in regards to web applications usually mean "JavaScript." Cascading Stylesheets are only considered malicious when they invoke the JavaScript engine
17
Dec
ioctlfuzzer v1.2 released
IOCTL Fuzzer is a tool designed to automate the task of searching vulnerabilities in Windows kernel drivers by performing fuzz tests on them
17
Dec
Metasploit v3.5.1 released
The Metasploit Framework is a development platform for creating security tools and exploits.