Access your Pro+ Content below.
Security audit tools: Vendors every auditor should use
This article is part of the March 2003 issue of Information Security magazine
Here's a representative list1: Google A real hacker thinks outside the box and learns to use tools in a way they may not have been intended. While the Google search engine is not, strictly speaking, an auditing tool, it's great for gathering information about a site. For example, trying entering "@my company.com" (where "mycompany" is your domain). Sometimes, this can yield some good data, such as a system administrator posting technical details about his site, which conveniently contains his account name. Google is like the Unix "grep" command on steroids. Utility Tools These are single-purpose tools that may either be native to the operating system or freely available. Utility tools require a manual approach, though they are often included in customized scripts--or even commercial products. Pros: Utility tools are freely available and are tightly focused for a specific task, making them more efficient. Cons: It requires skill to use them. For a large audit, manual testing is time-consuming and may produce inconsistent results,...