ERPScan has released ERPScan Security Scanner for SAP 2.0 - a complex solution to continuously monitor all areas of SAP security, from vulnerability assessment and misconfigurations to ABAP code review and analysis of business-critical privileges.

One of the most significant changes is a new module which can make static analysis of ABAP code security. It makes ERPScan the only solution on the market which makes both security assessment of platform and code review.

The number of anonymous checks which can be performed in Penetration testing mode ha been significantly increased to help companies identify issues without using credentials in the system.

The new engine can help to perform audit and compliance checks not just through RFC - it allows making complete scan through the web-interface which is a great feature for external penetration tests and can make pen-testers' lives easier.

More new functions:

• Support of different web application types (bsp/iviews/jsp/webservices/webdynpro's)
• More than 5000 different checks covering misconfigurations, vulnerabilities, access to web-applications; search for 50 different types of vulnerabilities in ABAP code
• Elaborated black-box vulnerability assessment
• Cataloguing of SAP systems and services

"Today, almost all critical operations like procurements, stock resources management, human resources management, financial reports and much more, and all the data related to them, are stored in SAP system. This is why the main target for an insider or an external attacker would be to gain illicit access to SAP with the purpose of malicious manipulation of company resources," says Alexander Polyakov, CTO of ERPScan.

"In spite of the increasing popularity of ERP systems security in the security community, companies are still vulnerable to cybercriminal and insider attacks. At this moment SAP has released more than 2000 Security notes closing various vulnerabilities, which is quite a lot, especially if you keep in mind that sometimes it is enough to get access to all business critical data through only one issue. An example was presented at BlackHat last summer. On the other side, almost every company develops custom ABAP code which can also have vulnerabilities and backdoors left by developers",

"SAP security assessment, according to our experience, usually takes quite a long time. Additionally, the complexity of the system and the large amount of different installation types require the participation of specialists from various fields of security. Even the application server may have either ABAP or Java platform, and they require completely different specialists, not to mention particular applications and modules. ERPScan allows you to significantly simplify the task of assessment by automating most of the ordinary checks, so you can pay more attention to the analysis of the customized part", he concludes.

You can see more info at:  http://erpscan.com/

Hello readers and welcome to issue #8.

It's been a while since the release of the last issue and no, we are not dead yet.

First, some bad news - this issue has less goodies compared to all the previous issues :( but that's only because we've been busy preparing something really REALLY special for you before the world ends ;)

Yes, we are big fans of the ancient Mayans and since this will be the last ever HITB conference in their calendar, we are working extremely hard to make sure HITB2012KUL in Malaysia will be the biggest and baddest HITB conference... ever! Trust us when we say the pain of missing our 10th year anniversary event is beyond words!

In the meantime, please enjoy all the little things we've put together for you in Issue 008 and be prepared for some really juicy stuff coming to you later this year! Till then - keep on hacking!

Have fun reading this issue and more to come in issue #9!!

Issue #8 is now available CLICK HERE to get it!

Zarul Shahrin Suhaimi
Editor-in-Chief,
Hack in The Box Magazine

1. w3af

Acunetix WVS or Web Vulnerability Scanner is a pentesting tool for Windows users so that they may be able to check for SQL Injection, Cross Site Scripting (XSS), CRLF injection, Code execution, Directory Traversal, File inclusion, checks for vulnerabilities in File Upload forms and other serious web vulnerabilities. You can download this tool here.

3. SQLninja

SQLninja is a an sql injection tool for web applications that use Microsoft SQL Server as its back-end though it runs only in Linux, Mac and BSD. It requires perl modules; NetPacket, Net-Pcap, Net-DNS, Net-RawIP, and IO-Socket-SSL. You can download this tool here.

4. Nikto

Nikto is an open source web server scanner “which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files or CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers." The good thing about Nikto is that it easy to use and and performs scanning faster. Nikto is coded in Perl and written by Chris Sullo and David Lodge. Although not all checks are really a big security problem but most are like XSS (Cross Site Scripting) Vulnerabilities, phpmyadmin logins, etc. Nikto alerts and gives you security tips in order to prevent your website from various attacks.

5. SQLmap

SQLmap is an open source automatic SQL injection and database takeover tool that fully supports MySQL, Oracle, PostgreSQL and Microsoft SQL Server. It partially supports Microsoft Access, DB2, Informix, Sybase and Interbase. Download sqlmap here.


6. Pangolin 3.2.3

Pangolin is another sql injection scanner for web applications using Access,DB2,Informix,Microsoft SQL Server 2000,Microsoft SQL Server 2005,Microsoft SQL Server 2008, MySQL, Oracle, PostgreSQL, Sqlite3, and Sybase. Its features include keyword auto analysis, supports HTTPS, has bypass firewall setting, injection digger, data dumper, etc. You can download its zip file here. 

7. Havij v1.15 Advanced SQL Injection

Havij is another famous automatic sql injection tool that has a free and premium version. The free version only supports a few injection methods like MsSQL 2000/2005 with error, MsSQL 2000/2005 no error union based, MySQL union based, MySQL Blind, MySQL error based, MySQL time based, Oracle union based, MsAccess union based, and Sybase (ASE). It also includes an admin finder and an md5 cracker. 


8. SQL Power Injector 

SQL Power Injector is a web pentesting application created in .Net 1.1 that helps the penetration tester and hackers find and exploit SQL injections on a web application that uses SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant, but it is possible to use it with any existing Database Management System when using the inline injection or normal mode. You can download the latest version of this tool which includes a Firefox plugin here.

9. VulnDetector

VulnDetector is a project coded in python which scans a website and detects various web based security vulnerabilities in the website. It was developed by Brad Cable who is into coding open source tools. You can download the script here.

10. SQLIer 0.8.2b

SQLIer is another project of Brad Cable and is a shell script that determines all the necessary information to build and exploit an SQL Injection vulnerability to a URL by itself without user interaction unless it can't guess the table or field names for the database correctly. SQLIer can build a UNION SELECT query designed to brute force passwords out of the database. This script also does not use quotes in the exploit to operate, meaning it will work for a wider range of sites. Download the shell script here.

11. bsqlbf-v2

bsqlbf-v2 or Blind Sql Injection Brute Forcer version 2 is a perl script that allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections. It supports MySQL, Oracle, PostgreSQL and Microsoft SQL Server databases. You can download the perl script on a Google hosted project.

12. Marathon Tool 

Marathon Tool is an alpha release SQL Injection tool or project that extracts information from web applications using Microsoft SQL Server, Microsoft Access, MySQL or Oracle Databases by using Time-Based Blind SQL Injection attack. The alpa release can be found here.

13. XSSer 

XSSer or Cross Site "Scripter" is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. It also includes a GUI interface by using the command : ./xxser --gtk. You can download xxser's beta version here.

14. ASP Auditor v2.2

ASP Auditor v2.2 is a an auditing tool for ASP that sends initial probe request, path discovery request, ASP.NET validate discovery request, ASP.NET Apr/07 XSS Check, application trace request, and null remoter service request. By using the opt command -bf, it allows you to brute force ASP.NET version using JS Validate directories.

15.Absinthe

"Absinthe is a GUI-based tool that automates the process of downloading the schema and contents of a database that is vulnerable to Blind SQL Injection.    This tool does not aid in the discovery of SQL Injection holes but speeds up the process of data recovery." It supports Microsoft SQL Server, MSDE, Oracle, and Postgres and the tool runs on Linux, Windows and Mac OSX. Download here.

16. SQID

SQID or SQL injection digger is a command line tool written in ruby by Metaeye Security Group that looks for SQL injections and common errors in web sites. It performs a Google search when finding for SQL injections and common errors in web site URLs and crawls a webpage. You can download this tool by checking out its project SVN:

svn checkout svn://rubyforge.org/var/svn/sqid 

17.DarkMySQLi

DarkMySQLi is a multi purpose MySQL Injection tool coded in python which is also available for BackTrack 5 as one of its packed tools.

18. fimap 

fimap is an automatic LFI/RFI scanner and exploiter coded in python by Iman Karim. It allows a pentester to scan a single URL for File inclusion errors, scan a list of URLS for File Inclusion errors, scan Google search results for FiIe inclusion errors, and harvest all links of a webpage with recurse level of 3 and write the URLs to a file directory.

19.Script Hex Dump – Forensic Tool

Script Hex Dump - Forensic Tool is a java application that helps you in parsing your scripts like PHP and automatically converts it as a hex value, some penetration testers use this to test for possible sql injection vulnerability in a website. SQL Injection attack has been a chronic threat especially for those websites running PHP and MySQL as the backend of their database server, one of its capability if the server is not properly configure is the command for writing arbitrary files. You can download this tool here.

20. PHP Vulnerability Hunter

PHP Vulnerability Hunter is a PHP web application fuzzer that scans for common vulnerabilities like local file inclusion, SQL Injection, full path disclosure, arbitrary command execution and many more. A good tool for analyzing your own web server. You can grab the new version of this toolhere which is 1.1.4.6.

21. WSTOOL : Web vulnerable scan tool

WATOOL is a server error and SQL Injection, XSS or Cross Site Scripting scanner which uses PHP Check up collate with HTML FORM and LINK. You can download this tool here.

22. ProjectX WHMCS Pentesting Tool v.1

Projectx WHMCS Pentesting Tool v.1 is a vulnerability scanner coded in VB.NET that uses a black box approach. It echos the db_username and the db_password of a website that is vulnerable to WHMCS Local File Disclosure. This kind of vulnerability is only applicable to versions 3.x.x and some 4.x.x which was a viral exploit last year that some website administrators took for granted. You can download the tool here.

23. Wpscan 

WPscan or Wordpress Security Scanner is a pentesting tool written in ruby for Wordpress installations. The tools is coed by Ryan Dewhurst which uses a black box approach in finding security holes for Wordpress like timthumb, easy to guess passwords, plugin holes, etc. You can download wpscan here.

24. Skipfish

Skipfish is an active web application security reconnaissance tool written by Michal Zalewski. Skipfish spiders a URL using the wordlists, a very powerful web scanning tool with a simple implementation. It also scans for vulnerabilities like php injection, XSS, format string vulnerabilities, overflow vulnerabilities, file inclusions , etc. You can download this tool here.


25. WhatWeb

WhatWeb is a web scanner coded by Andrew Horton aka urbanadventurer from Security-Assessment.com. It is used for information gathering because it identifies content management systems (CMS), blogging platforms, stats/analytics packages, javascript libraries, servers, etc. You can download this tool here.

26. OWASP ZAP 

Zed Attack Proxy (ZAP) is a project of OWASP which is a GUI penetration testing tool for finding website vulnerabilities and flaws. This open source tool includes features like  intercepting proxy, active scanner, passive scanner, brute force scanner, spider, fuzzer, port scanner,  dynamic SSL certificates, API, and Beanshell integration. For more information about this tool, check out their website.

27.  Webshag

Webshag is a multi-threaded, multi-platform web server auditing tool coded in python. It is used for crawling a URL, port scanning, file fuzzing and audits your website. You can download this security auditing tool here.

28. OWASP DirBuster

DirBuster is another project of OWASP that a multi threaded java application designed to brute force directories and files names on web/application servers that uses a black box approach for application testing by trying to find hidden content. You can download this tool here.

29. Grendel-Scan

Grendel-Scan is free and open source web application pentesting tool that has an automatic scanning feature which detects common web application vulnerabilities, and features geared at aiding manual penetration tests. Get this tool now.

30. Mopest

Mopest is a PERL Local PHP Vulnerability Scanner for exploits PhpBB 2.0.20 Disable Administrator, PhpBB 2.0.19 Denial of Service - Infinitely topic, phpBB 2.0.15 Database Authentication Details, Invision Power Board 2.0.2 Multipl Users DoS, Invision Power Board 2.1.5 Code Execution, MyBB 1.0 RC4 Sql injection, MyBB 1.1.3 Create An Admin, MyBB Sql Injection, and WordPress 1.5.11 Sql Injection. It also has tools like Fake Mailer, Email Bomber, and MD5 Cracker.  You can check out this project here.

31. SecuBat

SecuBat is another web vulnerability scanner which automatically analyzes web sites with the aim of finding exploitable SQL injection and XSS vulnerabilities. You can check this tool here.

32. Arachni

Arachni is an open source web application security scanner framework coded in ruby that helps website administrators and penetration testers evaluate the security of a web application. Arachni asks you for the URL of the target and it automatically performs a simple scan and presents you with its findings which could be a very risky flaw or loophole. You can download this tool here.

33. WebSlayer


WebSlayer is another OWASP project that slays your web application by brute forcing the GET and POST parameters, checking the directories, brute forcing the login forms, fuzzing, brute forcing sessions, Ntml brute forcing, and many more. For more information of this project just check this site.

34. Burp Suite

Burp Suite is penetration testing tool and integrated platform for website security. Burp Suite has cool features like an intercepting proxy, application spider for crawling, detects numerous web application vulnerabilities, repeater tool, allows you to write your own plugins, and many more. The free edition is available for download here.

35. ProxMon


ProxMon is not a Digimon but a Python based open source framework that automates web application tests. Its key features include:

- automatic value tracing of set cookies, sent cookies, query strings and post parameters across sites,
- proxy agnostic
- included library of vulnerability checks
- active testing mode
- cross platform
- easy to program extensible python framework

You can download this tool here.

Original post at:
http://blog.rootcon.org/2012/03/introducing-35-pentesting-tools-used.html?m=1  

Good day everyone,

My good friend Balwant Rathore has jobs opening in both Kuwait and Dubai.

See the profiles he is looking for below.  Please only answer if you have the full 5 years+ of practical experience and you're willing to work in Kuwait or Dubai.

See job offers below and contact information.

Best regards

Clement

SEE MESSAGE FROM BALWANT BELOW:

I am looking for Freelancer/Consultant for followings projects:

1.      ITIL Implementation

2.      Business Continuity Management (BCM) Implementation

3.      Information Security Management System Implementation

For all three categories some amount of training skills are also required.

Experience required = 5+ years.

Project Location = Dubai and Kuwait

Start Date = As soon as possible, even today.

Payment – Best in Industry, as per experience.

If you know anybody who may be fit for above, please ask them to contact me at balwant_rathore@oissg.org

Kind regards,

Balwant

Accordint to the ISC²® press release this transition provides numerous benefits to candidates, members and the information security community, including:

• Fair and precise evaluation of a candidate’s competency
• Rapid turnaround of exam results
• More choices as to when and where to take the exam
• Easier registration
• Fortified exam security

All (ISC)² credential exams will be offered globally at approved Pearson VUE testing centers.

Currently, all (ISC)² exams offered via CBT are available in English, with the CISSP and SSCP exams also available in Brazilian Portuguese at any of the approved  Pearson VUE testing centers in Latin America.  The CISSP exam is also available in Spanish throughout Latin America.   

Candidates can register directly through PearsonVUE

This is really good news for all

Best regards

Clement

Clement Dupuis, CD
Owner and Founder of CCCure
CLO at Secure Ninja

With 80% of its target market overseas Secure Ninja expands globally to meet the growing demand for Information Security training and service solutions.

Secure Ninja is pleased to announce the appointment of Leonard Chin as Vice President to lead its international marketing and business development.   In response to the global opportunity for its leading edge security services, Secure Ninja also announces its expansion into Europe, the Middle East and Africa (EMEA), along with select markets in Asia Pacific and South America.

With a decade of experience in developing new business and driving international sales, Leonard will be a key asset to Secure Ninja as the company grows its customer and value-added reseller (VAR) base in the coming year.

Leonard possesses extensive field experience specializing in sales and marketing functions across numerous industries including finance, conference, seminars, franchise, technical training and education. Leonard has established countless strategic partnerships with numerous Fortune 500 companies and government organizations. Leonard is well known as a conference specialist, having successfully managed a string of highly successful EC-Council conferences during his tenure. He was instrumental in conceptualizing and organizing the first Hacker Halted USA in 2008 and thereafter making it a mainstay in Miami. Leonard was responsible for launching, designing and directing the highly technical TakeDownCon series, which was recently hosted in Dallas and Las Vegas in 2011.

“We are delighted to have Leonard Chin on our team. He is an extremely knowledgeable and well-connected infosec business professional who possesses great leadership ability and outstanding communication skills, which are crucial elements to effectively manage and influence people towards meeting our company’s international business objectives,” said Ned Snow, President, Secure Ninja. “By combining Leonard’s expertise to manage a strong team of subject matter experts and sales engineers in key regions, Secure Ninja will be well positioned for our next phase of innovation and growth.”

Prior to this appointment, Leonard was a key executive at EC-Council, creator of the world renowned Certified Ethical Hacker (CEH) programs as well as numerous other recognized certifications such as the CHFI, ECSA and Licensed Penetration Tester (LPT). He held various roles within the organization including Director of Marketing, and Director of Conferences & Events, as well as concurrently being the Conference Director for both the TakeDownCon and Hacker Halted conference series. And in 2011, he was appointed as the Vice Chair of the world’s first international team ethical hacking games - the Global CyberLympics.

"It is an honor and I’m excited to be part of Secure Ninja’s immensely qualified team, which is on the leading edge of information security services and training methodology development," said Leonard. "I'm looking forward to expanding Secure Ninja’s suite of security services and training offerings internationally, ensuring its growth and market captivity, as well as attaining global branding.”

About Secure Ninja

Secure Ninja is a leader in Information Security, IT training and certification such as CISSP, Security+, CEH, CAP, CISM, ISSEP, ISSMP, ISSAP, Cloud Security, Wireless Security and Computer Forensics to name a few. Secure Ninja has been providing businesses with programs that answer regulatory needs and skills gaps for over 8 years. Our training programs educate and certify employees in the areas that are critical to business operations. With certified professionals on staff, the company demonstrates that it is seriously engaged in producing ROI on technology investments and handling compliance requirements competently. Our programs also create solutions for the DOD and the system integrator community by answering the certification needs of the 8570.01-M mandate. Secure Ninja’s assessment, consulting and security services division specializes in governance, risk and compliance programs for both corporate & government agencies including information assurance, IV&V security audits and cyber-security solutions.  For more information visit http://www.secureninja.com

*** A recording of the webcast will be sent to everyone who registers, so be sure to sign up even if you can’t make the live session. ***

• The advanced threat cycle, and what attack techniques and tools are seen most frequently
• What most internal pen testing teams are doing today, and why it may not be adequate for today's threat landscape
• How internal pen testing teams can switch up their normal testing regimens to better represent advanced threats to organizations
• Tips for how to prevent and detect advanced malware as part of your assessment program

Click here to register
 http://ws.coresecurity.com/PenTestsEvolved.html 

In Egypt : 30 % discount Coupon for EC council Courses inside the Printed Copy.

Printed Copy Request
Coming Soon : Arabic Version

Open Source Web Application Security Testing Tools by Vinodh Velusamy

Author shows the significance of Open Source Web Application Security Testing Tools. As he claims „When you choose and use good tools, you’ll know it. Amazingly, you’ll minimize your time and effort installing them, running your tests, reporting your results – everything from start to finish.

Most importantly, with a good web vulnerability scanner you’ll be able to maximize the number of legitimate vulnerabilities discovered to help reduce the risks associated with your information systems.
At the end of the day and over the long haul, this will add up to considerable business value you can’t afford to overlook”.

More Articles:

- Modeling Security Penetration Tests with Stringent Time Constraints by Alan Cao
- The puzzlepices by Daniel Clemens
- WebAppSecurity for Newbies part 2 Herman Stevens
- Web Application Common Vulnerabilities – Part I by Bryan Soliman
- CYBER STYLETTO by Mike Brennan and Richard Siennon


SUBSCRIBE NOW AND GET 2 AMAZING E-BOOKS !

1. CISO's Guide to Penetration Testing: A Framework to Plan, Manage, and Maximize Benefits details the methodologies, framework, and unwritten conventions penetration tests should cover to provide the most value to your organization and your customers.

2. In his new book "Save the Database, Save the World!" John Ottman captures the essence of the threats we face to the information that drives business. Organized crime, underhanded competitors and even foreign governments are looking to gain any financial, competitive or operational advantage and these enemies are going directly after the databases and the applications that access data.

After subscribing contact katarzyna.zwierowicz@software.com.pl with "WAPT" in the tittle of the message.

You can visit us at: http://www.pentestmag.com