< Prev 1 2 3 4 5 6 7 8 9 10 11 Next >
Password Policy Enforcer
Password Policy Enforcer allows you to create and enforce up to 256 different password policies in a Windows domain. Policies are easily configured, and can be assigned to specific users, groups, and organizational units. An optional client component helps users to choose a suitable password, and reduces password related helpdesk calls. PPE is the only commercially available password filter specified in the "DISA Field Security Operations - Windows 2003/XP/2000 Addendum V5R1 [UNCLASSIFIED]" PPE can also integrate with ANIXIS Password Reset, a self-service password management system that allows users to securely reset their own passwords.
This is a public key based authentication model that works by verifying whether the user is in posession of his private key. The user should have Keygloo installed in his system for authenticating himself into any Keygloo enabled web application. During login time, the user will be thrown a challenge password encrypted using his public key. The user can decrypt the password by clicking a 'Decrypt' button which appears in his toolbar after installing Keygloo. The decrypted password is submitted to the Keygloo enabled application by clicking a 'submit' button on the page. The Keygloo enabled applcation then authenticates the user into the system by comparing the decrypted password with the original challenge password. A demonstration of how the model works can be found at http://www.keygloo.com/Authentication/auth_kgnum.html. Keygloo is free to download and install from http://www.keygloo.com/Downloads.htm.
Argosy TelCrest Enterprise Password Safe
Centralized password repository accessed via a web browser with multi-user access, audit logs, audit event email alerting, and much more.
BobCat is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It is based on a tool named "Data Thief" that was published as PoC by appsecinc. BobCat can exploit SQL injection bugs/opportunities in web applications, independent of language, but dependent on MS SQL as the back end DB.
Windows Permission Identifier
This tool enables administrators and penetration testers to review and audit the permissions of users on a windows machine. Windows Permission Identifier can check; File ACLs Folder ACLs Registry ACLs Services Permissions Shares Installation rights Internet Access and so on. The GUI enables the administrator to create policies that can be saved in XML format. The windows machines permissions are then checked against this policy. This enables administrators to run checks against existing organisational windows security baseline documents. Policies can be saved in XML format and all results can be exported for further use. WARNING: The policy that is included is a sample of the functionality of the tool. It is not a security policy that should be followed. Report Bugs & send your own policy files : nhouse[at]stationx.net It would be very useful to the community if you send me any policies you create. For example, Web server, desktop, domain controller or what ever you create. I will upload your policy files to the site and credit you.
KeePass Password Safe
KeePass is a free/open-source password manager or safe which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key-disk. So you only have to remember one single master password or insert the key-disk to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). The best password management software (for a single user) that I've seen.
Acunetix Web Vulnerability Scanner
Audit your website security: Acunetix Web Vulnerability Scanner checks your web applications (shopping carts, forms, dynamic content, etc.) for vulnerabilities to SQL injection, Cross site scripting & other web attacks. Hackers are concentrating their efforts on websites: 75% of cyber attacks are launched on web applications! Scan your web site today and find vulnerabilities before hackers do!
JProbe will check remotely for supported cipher suites on a webserver. It will also check for redirections in case a cipher is supported but the client is then directed to a "not valid cipher" page. JProbe also will export the results to an HTML page. (Additionally you can set cookies)
Thor is Internet Explorer driven tool for manual web application testing. Both security professionals and testers found it useful while testing web applications. You can control (intercept and change) what web forms submit to web servers, see the source code of the page and/or manipulate cookies. It supports frames and, if required, it is possible to use HttpWebRequest instead of IE navigation. Built for .NET Framework 2.0 and, as it uses IE COM control, it requires FullTrust. Sorry, no proper web page or manual yet, but give me a shout if you need more information... pak76
LiLith is a tool written in Perl to audit web applications. This tool analyses webpages and looks for html <form> tags , which often refer to dynamic pages that might be subject to sql injection or other flaws.
Browse by category