Links Page

Hopefully the links below will prove a good starting point for any Vulnerability Assessment/ Penetration Testing information you require across a number of different specialisations.

Vulnerability Information

The following sites are an excellent resource for Vulnerability Information:

• Security Focus

• Microsoft Security Bulletin

• Common Vulnerabilities and Exploits (CVE)

• National Vulnerability Database (NVD)

• The Open Source Vulnerability Database (OSVDB)

• United States Computer Emergency Response Team (US-CERT)

• Computer Emergency Response Team

• Mozilla Security Advisories

• SANS

• Securiteam

• PacketStorm Security

• Security Tracker

• Secunia

Exploits Information

The following sites are an excellent resource for obtaining exploits or information about them:

• Securiteam :- Exploits are sorted by year and must be downloaded individually.

• SecurityForest :- Updated via CVS after initial install.

• GovernmentSecurity :- Need to create and account to obtain access.

• Red Base Security :- Oracle Exploit site only.

• WVE :- Wireless Exploit Site.

• PacketStorm Security :- Exploits downloadable by month and year but no indexing carried out.

• SecWatch :- Exploits sorted by year and month, download separately.

• SecurityFocus :- Exploits must be downloaded individually.

• Metasploit :- Install and regularly update via svn.

• Milw0rm :- Exploit archived indexed and sorted by port download as a whole - The one to go for!

Security Info - General

• Talisker:- Large index of IT Sy resources, including a glossary of Intrusion Detection and Prevention systems.  

• The Register:- Offers news, views, opinions and reviews on what's latest in the IT industry.

• LogicallySecure:- IT Security forum, providing useful updates on News and VA and Pen Test Tools.

• Security Database:- Excellent portal gathering information on Security Tools and advisories etc.

Security Scanners

• Nessus:- Security scanner for Linux, BSD, Solaris, and other flavours of Unix.

• GFI:- LANguard Network Security Scanner is a security & port scanner tool to audit network security.

• Insecure:- Developers of NMAP, a network port scanner and service detector offering stealth SYN scan, ping sweep, FTP bounce, UDP scan etc.

• SARA:- SARA is a comprehensive network security scanner.

• Sensepost: - Makers of quality web application and general security scanning software, both free and commercial.

• Nikto:- A web server scanner which performs comprehensive tests against web servers for multiple items, including dangerous files/CGIs.

• THC:- Website for various exploits and hacking (and Vulnerability Assessment) tools including Hydra and Amap.

• NStalker:- NStalker provides a comprehensive Web Application Scanning suite.

Oracle - General

• Integrigy:- A leader in Application Security for Enterprise, Mission Critical Applications.

• Pete Finnigan:- Oracle and Oracle Security papers, Tools, Links and Information from an Oracle security expert.

• Redbase Security:- Red-Database-Security GmbH is specialised in Oracle security.

Wireless - General

• WirelessDefence:- Site provided for Wireless (802.11a/b/g) LAN Security Auditors and Penetration Testers.

• NetStumbler:- Includes news, access point mapping, and software.

• Russwill:- Wireless distro - Russix. How-To's on breaking WEP/ WPA and general wireless information.

Blogs

• Metasploit Blog
• Software Vulnerability Exploitation Blog
• Jeremiah Grossman Blog
• nCircle Blogs
• Fsecure Blog
• g0ne blog
• MC Blog
• Security Fix Blog
• Rise Security
• Rational Security
• pentest mokney.net
• GNUCitizen
• ha.ckers Blog
• Taosecurity Blog