Pro+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
March 2003

Security audit tools: Vendors every auditor should use

Here's a representative list1: Google A real hacker thinks outside the box and learns to use tools in a way they may not have been intended. While the Google search engine is not, strictly speaking, an auditing tool, it's great for gathering information about a site. For example, trying entering "@my company.com" (where "mycompany" is your domain). Sometimes, this can yield some good data, such as a system administrator posting technical details about his site, which conveniently contains his account name. Google is like the Unix "grep" command on steroids. Utility Tools These are single-purpose tools that may either be native to the operating system or freely available. Utility tools require a manual approach, though they are often included in customized scripts--or even commercial products. Pros: Utility tools are freely available and are tightly focused for a specific task, making them more efficient. Cons: It requires skill to use them. For a large audit, manual testing is time-consuming and may produce inconsistent results,...

Features in this issue

Columns in this issue

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

-ADS BY GOOGLE

Close