Monday 18 April 2016

Security Products / Tools


13JAN
Security Testing Tools:
Application Security Scanner
  • IBM AppScan
  • HP WebInspect
  • Portswigger Burp Scanner
Application Proxy for Manual Vulnerability Assessment
  • Portswigger Burp Proxy
  • OWASP ZAP
Static Code Analysis 
  • HP Fortify
  • IBM AppScan Source
Network Vulnerability Scanning
  • Nessus
  • Nexpose
  • Qualys
Network Security Assessment
  • RedSeal – to assess security of a network, firewall configuration
  • USBDeview – to get information on all USB devices connected currently and previously to a computer
Network Penetration Testing
  • Nmap – port scanning
  • Wireshark – packet sniffing
  • Scapy – packet manipulation
  • Very Simple Network Scanner – to ping windows based platforms
  • Firewalk –  to enumerate firewall rule set, works similar to Traceroute, currently the tool functionality is merged with NMAP
  • Useful windows utilities:
    • netstat – to obtain information on current TCP/UDP connections, routing table
Wireless Penetration Testing
  • Kismet – identify wireless access points
  • aircrack-ng – crack wifi key
Exploitation
  • Metasploit
 SAP security scanner
  • Onapsis
  • Virtual Forge – static code analysis for SAP and ABAP
Network Security:
  • Cisco Meraki – Cloud managed networking and security
  • CyberArk
  • FireEye
  • Infoblox – to improve network uptime and protect from DDOS attacks
Network Access Control
  • Cisco ISE
  • ForeScout CounterACT
Network Firewall
  • Juniper NetScreen
  • Palo Alto
  • Cisco ASA
  • Dell SecureWorks
Web Application Firewall (WAF)
  • f5
  • Websense
Advanced Threat Detection:
  • IBM QRadar – easy to use – it has three main servers (syslog, netflow, management)
  • Damballa Failsafe
Endpoint Security:
  • CIS-CAT – assess the benchmark for desktops
  • Bit9
  • Carbon Black
  • Fedelis
Encryption:
Desktop EndPoint Security
  •  BitLocker
  • Data Guardian – Data Loss Prevention (DLP)
  • Tanium
Document Encryption Tools
  • Safenet
  • Protegrity
  • Townsend
  • Varmetric
Identity Management:
  • Enterprise RBAC – protect privileged accounts, service accounts
  • OIM
  • OPAM
  • Oracle Adaptive Access Manager (OAAM) – session recording on jumpbox
  • CyberArk
IT Infrastructure Management:
  • SolarWinds
  • ServiceNow
  • Sapphire IMS – to manage distributed IT assets
Log Management:
  • Splunk
Password Management on Desktop:
  • Keeper

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)