Highest Voted 'tools' Questions - IT Security Stack Exchange

122

votes

6 answers

How to find out what programming language a website is built in?

I think that it's fundamental for security testers to gather information about how a web application works and eventually what language it's written in. I know that URL extensions, HTTP headers, session cookies, HTML comments and style-sheets may…

asked Mar 11 '16 at 10:26

storm

1,714
4
16
25

63

votes

16 answers

What tools are available to assess the security of a web application?

What tools are available to assess the security of a web application? Please provide a small description of what the tool does. Update: More specifically, I'm looking for tools that assume no access to the source code (black box).

appsec web-application penetration-test tools web-scanners

asked Nov 11 '10 at 22:12

Olivier Lalonde

5,039
8
31
35

48

votes

5 answers

Open-source penetration-test automation

What order do typical open-source penetration tests operate? Which tools are run first, second, third -- and how do you control them? Does one simply use Metasploit RC files? A network vulnerability scanner in a special way? A command-line, custom,…

penetration-test tools vulnerability-scanners network-scanners

asked Nov 15 '10 at 23:31

atdre

18,885
6
58
107

48

votes

5 answers

What's an easy way to perform a man-in-the-middle attack on SSL?

I'd like to perform a man-in-the-middle attack on SSL connections between clients and a server. Assuming the following: I've got a certificate that the client will accept, via poor cert validation or other means. I know the IP address of the server…

tls tools man-in-the-middle

asked Mar 29 '13 at 13:09

Polynomial

132,208
43
298
379

40

votes

5 answers

How should source code security be checked?

How to check whether the source code of an open-source project contains no malicious content? For example, in a set of source code files with altogether 30,000 lines, there might be 1-2 lines containing a malicious statement (e.g. calling curl…

malware source-code tools

asked Oct 26 '18 at 12:37

tonychow0929

2,247
3
13
14

30

votes

8 answers

Best way to administer all my passwords

I am trying to figure out what the best solution is to store different types of passwords: Personal passwords (my personal email, my company's email, all the services I use to buy things like Amazon, etc.) My business passwords (all the tools…

passwords password-management tools

asked Nov 26 '15 at 17:46

Lautaro Rosales

403
4
7

29

votes

7 answers

How to keep an eye on upgrades, patches and security issues for used open-source libraries?

For a project with many open-source libraries as a part of it, I began to search for information source concerning all upgrades and security issues. The kind of sources I gathered are either announcement list or issue/bug tracker in the form of RSS…

professional-education tools known-vulnerabilities java

asked Nov 26 '10 at 10:32

Eldros

391
2
6

28

votes

4 answers

What benefits does Nessus have over OpenVAS?

Nessus and OpenVAS appear to have fairly similar features. Why would you choose one over the other, besides the benefit of commercial support (which isn't available for Nessus Home Feed users anyways)?

network tools network-scanners

asked Nov 14 '10 at 15:42

atdre

18,885
6
58
107

25

votes

4 answers

Reduce Noise when Penetration Testing

Recently I participated in a capture the flag competition which was attached with SOC analysis teams monitoring our traffic. There we were told that many tools were very noisy. Eg Sqlmap which has its full header. As all of us were new so we weren't…

penetration-test ids tools detection ctf

asked Aug 26 '17 at 20:02

Khopcha

465
5
11

22

votes

7 answers

Convenient cross-platform help on checking secure hashes like SHA-256

It is often helpful to be able to obtain a good cryptographic checksum of a file, e.g. the SHA-256 hash. This can be used to verify file integrity, so long as you have a reliable source for the hash. Support for both SHA-256 and MD5 from the…

windows hash linux tools macos

asked Nov 06 '11 at 17:15

nealmcb

20,544
6
69
116

22

votes

7 answers

Computer Forensics: what is in your toolbox?

What tools do you use for collecting evidence, making disk images, inspecting live memory and so on?

forensics tools

asked Nov 11 '10 at 22:21

gbr

2,000
1
16
22

21

votes

4 answers

Testing clean urls with sqlmap

Is it possible to test for SQL injection vulnerabilities with using sqlmap with a url that is using mod rewrite (or something like it) to make the urls clean? I know how to test my sites that have urls like: http://mysite.com/?id=1 But what about my…

appsec web-application tools sql-injection url-redirection

asked Aug 02 '11 at 16:48

chadgh

319
1
2
4

21

votes

6 answers

Backing up sensitive data - pitfalls and best practices

Obviously, securely backing up sensitive data is a challenge. A remote backup is important for surviving a variety of disasters. What are some of the "gotcha's" lurking out there, and what best practices can avoid them? To make it a bit more…

encryption tools backup

asked Jan 05 '11 at 03:01

nealmcb

20,544
6
69
116

20

votes

6 answers

Browsing exploits with Metasploit console

Is there any way to browse certain exploits in MSFconsole? The show exploits command shows too many and I cannot find a way to show just Windows file format exploits, for example.

tools vulnerability-scanners metasploit

asked May 30 '11 at 11:29

Sonny Ordell

3,476
9
33
56

18

votes

4 answers

Criteria for Evaluating Static Analysis Tools

As with any tools purchase part of the outcome is in how good the evaluation criteria are, so it is important to understand the criteria people might use when assessing Security static analysis tools. Obviously the weighting on each criterion would…

appsec tools code-review static-analysis vendor-selection

asked Sep 20 '11 at 11:50

Rory McCune

60,923
14
136
217

Questions tagged [tools]