Information Security Links
Although Seven Stones takes an independent stance and currently has no reseller links with software vendors, we do have experience and knowledge of various commercial software products. Where such a product is deemed valuable to a client in a specific scenario, we will of course advise accordingly.
Literatecode - established in 2003 as an informal R&D lab and reorganised as a registered business in 2012. Literatecode specialises in applied research and experimental development to help companies and individuals defend themselves against security threats.
Web Application Testing
Very few commercial products available on the market today are worthy of mention. This does not mean that we are pro open source / free software; we take a balanced view. Occasionally a commercial product will have some ROI for clients, but this is subjective, and there are very few cases where:
- the product does what it says it does according to its formal specifications
- the product comes close to justifying its price tag
These are links to mostly open source tools from which, in our personal experience, we actually gained some benefit (and therefore so did our clients) and pleasure in using...
Armorise - commercial products. Get them before "Big Software" acquires the company and their quality is diluted.
John The Ripper - password cracker (dictionary and brute-force attacks against password hashes)
nmap - open source, highly functional, configurable, and reliable port scanner
Knoppix - bootable Linux CD / USB thumb drive, complete with a wide range of security tools
hping2 - TCP/IP packet generator and analyser, allowing such useful functions as multi-protocol traceroutes
xprobe2 - OS fingerprinting tool by Fyodor Yarochkin, Ofir Arkin, and Meder Kydyraliev
perl - deserves a mention as the mother of all exploits, and it is a personal favourite for coding on the fly
metasploit - a Ruby-based framework for writing and testing exploits
wireshark - formerly Ethereal, this is our favourite sniffer
snort - commonly thought of as a free IDS, but more generally, when you want to get "deep down and dirty" with TCP/IP packet sniffing and analysis, snort is ideal
netcat - touted as the "Swiss army knife" of TCP/IP, this is one of the most commonly used tools in manual penetration testing, for protocol analysis and tunnelling operations
kismet - 802.11 wireless network detector and sniffer
ADMsnmp - an SNMP daemon audit scanner (community-string guessing)
nikto - web application / server vulnerability scanner
dnascan_rls.pl - a Perl script to assist in finding common misconfigurations and information leaks in ASP.NET applications
Warvox - a suite of tools for exploring, classifying, and auditing telephone systems
Red Database Security - Oracle testing tools
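To make concrete what the two most basic tools in the list above (nmap as a port scanner, netcat for manual protocol probing) actually do on the wire, here is an added example in Python. It is not code from Seven Stones or from either project: it performs a plain TCP connect scan and a banner grab against a constructed local listener, so it runs offline; the listener, its banner and the port choice are all assumptions made for the demonstration.

```python
"""TCP connect scan plus banner grab: the operations nmap (-sT) and netcat
perform by hand. Added example, not code from the page or the tools named.
The target is a constructed local service so the script runs offline."""
import socket
import threading


def start_banner_server(banner):
    """Constructed target: a local TCP service that volunteers a banner."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener shut down
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def connect_scan(host, ports, timeout=0.5):
    """Return the ports that complete a TCP handshake (what nmap reports as open).

    connect_ex() returns 0 on success and an errno (e.g. ECONNREFUSED) otherwise,
    so a closed port on localhost is detected immediately without an exception.
    """
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def grab_banner(host, port, timeout=1.0, max_bytes=256):
    """Connect and read whatever the service sends first, as `nc host port` shows."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        try:
            return s.recv(max_bytes)
        except socket.timeout:
            return b""  # service waits for the client to speak first


def demo():
    """Run scan and banner grab against the constructed listener.

    Returns (open_port, closed_port, ports_found_open, banner)."""
    srv, port = start_banner_server(b"SSH-2.0-OpenSSH_9.6 (constructed banner)\r\n")
    try:
        # Obtain a port we know is closed: bind, note the number, release it.
        probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        probe.bind(("127.0.0.1", 0))
        closed = probe.getsockname()[1]
        probe.close()
        found = connect_scan("127.0.0.1", [closed, port])
        banner = grab_banner("127.0.0.1", port)
        return port, closed, found, banner
    finally:
        try:
            srv.shutdown(socket.SHUT_RDWR)  # unblock accept() in the thread
        except OSError:
            pass
        srv.close()


if __name__ == "__main__":
    open_port, closed_port, found, banner = demo()
    print(f"scanned {closed_port} (closed) and {open_port} (open): open = {found}")
    print("banner:", banner.decode(errors="replace").strip())
```

The scan here is a full three-way handshake per port, which is why it shows up in the target's connection logs; nmap's default SYN scan avoids that by never completing the handshake, and requires raw-socket privileges for the same reason.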
Management Standards, Buzzwords
These are links to sites covering management-related subjects and international standards:
DoD Information Assurance Technology Analysis Center
Open Security Architecture
CISSP-related material from the new god of CISSP and management buzzwords
International Organization for Standardization (ISO)
US National Institute of Standards and Technology (NIST)
Information Systems Audit and Control Association (ISACA)
COBIT - best practices for IT systems management
Jobsites / Careers