Tuesday, May 02, 2006

Teaming up with OWASP for a Live Linux CD

We have been working with The Open Web Application Security Project (OWASP) to develop a Linux-based Live CD. The goal of the project is to create a Live/Bootable platform to perform application security testing. The core of the project is the depth of information and research tools that OWASP has developed or is directly affiliated with. Training is also a HUGE benefit of this tool. It can be used in most stages of the SDLC.

Including:
OWASP Guide
Mono .Net Libraries for Linux
OWASP Pen-testing guide
WebGoat
WebScarab
Etc.

References:
WebServers
Coding
DNS
Etc.

Tools from PacketFocus:
Nmap
Nessus
Metasploit Project (2.5 and 3)
Hping2
TCPDump
Yersinia
Amap
Queso
Hydra
John
Dictionaries
TCPReplay
Nikto
Stunnel
RFIDtools
VOIP Tools
PAROS

Exploits:
Security Focus and Milw0rm Archives
PacketFocus "cool tools" collection for pen-testing

Correlation
STIF Framework

This is just a brief list off the top of my head. The project should be formalized once initial testing of the base live OS is complete.

So far the choice is a Debian-based Morphix derivative. Slackware 10.2 was a great platform but didn't work well when running from a laptop. So this first release will probably be on whatever OS works first... Again, so far that has been Morphix. We are looking forward to the new release of the Morphing CD. After everything is stable we will do a test of SLAX vs. Morphix to see what happens.

Be on the lookout for the first release in about a month or so. Check the website www.packetfocus.com for details.

JP
