On Friday October 9th at 12:00 PM I will be speaking at the Utah Open Source Conference on how to put together a kit of security tools using open source software. I discuss a fictional company that we work at and some of the things that we can put in place to help secure the environment and handle some of the requests that get thrown our way. The slides can be downloaded here. I hope to have video of the presentation up later.
Here are the apps I cover and where you can got to get more information on them. I’ve also got some community resources to go check out.
Network Security and Monitoring
Nmap – http://nmap.org/
OpenVAS – http://openvas.org/
Snort – http://www.snort.org/
Emerging Threats – Snort rules – http://www.emergingthreats.net/
BASE – http://base.secureideas.net/
Sguil – http://sguil.sourceforge.net/
OSSEC – http://www.ossec.net/
Kismet – http://www.kismetwireless.net/
Web Security
Nikto – http://www.cirt.net/nikto2
Log Analysis – http://www.loganalysis.org
PHPIDS – http://php-ids.org/
ModSecurity – http://www.modsecurity.org/
Penetration Testing
WebGoat – http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
Mutillidae – http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
Hacme Bank, Books, etc – http://www.foundstone.com/us/resources-free-tools.asp
Paros – http://www.parosproxy.org/
WebScarab – http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
Burp Suite – http://portswigger.net/suite/
Privoxy – http://www.privoxy.org/
Tor – http://www.torproject.org/
w3af – http://w3af.sourceforge.net/
Beef – http://www.bindshell.net/tools/beef/
Metasploit – http://metasploit.com/
Backtrack – http://www.remote-exploit.org/backtrack.html
SamuraiWTF- http://samurai.inguardians.com/
Forensics
Caine – http://www.caine-live.net/
Deft Linux – http://www.deftlinux.net/
Helix – http://www.e-fense.com/
Etc…
Top 100 Security Tools – http://sectools.org/
Podcasts
Pauldotcom – http://pauldotcom.com/
Exotic Liability – http://exoticliability.com/
Securabit – http://www.securabit.com/
CyberSpeak (forensics) – http://cyberspeak.libsyn.com/
Community Groups
ISSA – http://www.issa-utah.org/
OWASP – http://owasp.org/
Hack SLC hacker space – http://www.hackslc.com/forum/latestnews.php
Defcon – http://defcon.org/
- Why Don’t We Hear About Western Cyber-Attacks? - September 17, 2023
- Interview with Carrie Roberts - March 27, 2020
- Interview with Michael Santarcangelo - March 4, 2020