Showing posts with label risk. Show all posts
Showing posts with label risk. Show all posts

Wednesday, November 14, 2018

Free Risk Assessment Tool - Titania

Risk Assessment Tool:

                                 is a quick to implement, easy to use tool that helps you lock down your workstations and servers against attack. Discover new vulnerabilities (that others might find) & harden your network today.

Cyber Essentials, the inspiration for our Risk Assessment Tool, is a Government-backed and industry supported scheme to guide businesses in protecting themselves from cyber threats. It is derived from years of research on business breaches - which resulted in practical, easy to implement actions removing up to 80% of your cyber risk.

The five controls, designed to maximise protection of your business are: 
  •     Boundary Firewalls and Internet Gateways
  •     Secure Configuration
  •     Access Control
  •     Malware Protection
  •     Patch Management

Despite its relative simplicity, basic knowledge of information security is required to understand and complete the Cyber Essentials self-assessment questionnaire (both in language and practice). This knowledge is something many businesses either don’t have or is it costly to hire (IT experts are often busy, costly or both!).

Titania’s automated audits help at every step, our free Risk Assessment Tool is simple enough for SME’s and our enterprise tools (Paws and Nipper Studio) will accelerate compliance, cut costs and free up your experts for the many projects on their “to do” list...

Lancaster University study of Cyber Essentials found:

“This, more than anything else should be understood by SMEs, taking no action to combat cyber threats simply isn’t an option. With Cyber Essentials tools, more than 99% of the vulnerabilities in SMEs interviewed were mitigated.”

Download Link : https://www.titania.com/downloads/riskassessmenttool-1.3.291-win64.exe

Ref / Key Link : https://www.titania.com/customers/bonus-tools/risk-assessment-tool

Wednesday, March 11, 2015

Best / Open Risk Assessment / Analysis Tool

CORAS:

               is a method for conducting security risk analysis. Platform for risk analysis of security critical IT systems using UML, based on the CORAS model-based risk assessment methodology. Contains an XML and UML repository, facilitating management and reuse of analysis results.





               CORAS provides a customised language for threat and risk modelling, and comes with detailed guidelines explaining how the language should be used to capture and model relevant information during the various stages of the security analysis. In this respect CORAS is model-based. The Unified Modelling Language (UML) is typically used to model the target of the analysis. For documenting intermediate results, and for presenting the overall conclusions we use special CORAS diagrams which are inspired by UML. The CORAS method provides a computerised tool designed to support documenting, maintaining and reporting analysis results through risk modelling.

Download Link :

http://coras.sourceforge.net/downloads.html

or

http://sourceforge.net/projects/coras/files/latest/download?source=navbar 

Microsoft Security Assessment Tool 4.0:


                                                           is the revised version of the original Microsoft Security Risk Self-Assessment Tool (MSRSAT), released in 2004 and the Microsoft Security Assessment Tool 2.0 released in 2006. Security issues have evolved since 2004 so additional questions and answers were needed to ensure you had a comprehensive toolset to become more aware of the evolving security threat landscape that could impact your organization.




There are two assessments that define the Microsoft Security Assessment Tool:


  • Business Risk Profile Assessment
  • Defense in Depth Assessment (UPDATED)
Download Link : http://www.microsoft.com/en-in/download/details.aspx?id=12273

PTA (Practical Threat Analysis):

                                     is a risk assessment methodology and a suite of software tools that enable users to find the most beneficial and cost-effective way to secure systems and applications according to their specific functionality and environment. 






Download link : http://www.software.co.il/ptadownload/pta1215.exe


ISO 17799 RAT ( Risk Analysis Toolkit ) :

                           to perform risk analysis based on the ISO 17799 on public or private companies.

This analysis was conducted by questionnaire, from which reports on security policies will be generated to perform in the organization to address the risks identified.



Confidentiality, integrity, availability, authenticity and traceability (accountability): the risks are analyzed in several dimensions. The impact of risk is also analyzed
To address the risks and impact are proposed:

    Safeguards (or countermeasures)
    Safety Standards
    Safety procedures
    Elements backup (back up)
    Disaster Recovery Plans

The motivation for choosing this project has been the lack of free software tools that enable risk management in organizations, especially SMEs can not afford the cost of existing commercial tools on the market.

 Download Link : http://ratiso17799.sourceforge.net/descargas.html

Security Officers Management and Analysis Project (SOMAP):

                              is all about defining security management work methods and supplying Security Officers with tools to do their job more efficient and following standards easily.





Features

  • Information Security Risk Management Methodologies and Tools
  • Open Risk Model Repository
  • Risk Assessment
  • Risk Management
Download Link : http://sourceforge.net/projects/somap/files/latest/download?source=navbar






Wednesday, October 2, 2013

Database Server Vulnerability Scanner / Penetration Testing Toolkit

Scuba :

             Scuba is a free tool that scans leading enterprise databases for security vulnerabilities and configuration flaws, including patch levels. Reports deliver actionable information to quickly reduce risk, and regular vulnerability updates ensure that Scuba keeps pace with new threats.


Use Scuba to:
  • Automate vulnerability discovery
  • Secure infrastructure and measure compliance
  • Prioritize risk and focus remediation resources
  • Safely test enterprise class databases


    Download Link : https://www.imperva.com/lg/lgw.asp?pid=213  


 Safe3SI :

              is one of the most powerful and easy usage penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database,to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

 Download Link : http://sourceforge.net/projects/safe3si/files/


DBPwAudit :

                 is a Java tool that allows you to perform online audits of password quality for several database engines. The application design allows for easy adding of additional database drivers by simply copying new JDBC drivers to the jdbc directory. Configuration is performed in two files, the aliases.conf file is used to map drivers to aliases and the rules.conf tells the application how to handle error messages from the scan.




McAfee Vulnerability Manager :

                             for Databases automatically discovers databases on your network, determines if the latest patches have been applied, and tests for common weaknesses such as weak passwords, default accounts, and other common threats. Vulnerability Manager for Databases conducts more than 4,700 vulnerability checks against leading database systems, including Oracle, SQL Server, DB2, and MySQL.







AppDetectivePro :

                          is a database scanner that empowers professionals to scan databases for vulnerabilities, configuration issues, weak passwords, missing patches, access control concerns, and other issues that can lead to user privilege escalation. As complex as databases are, AppDetectivePro provides a cost-effective solution to provide the following:







SQLdict :

         is a dictionary attack tool for SQL Server. SQLdict is a basic single ip brute-force MS SQL Server password utility that can carry out a dictionary attack against a named SQL account.



        The use of this tool is simple you just specify the IP address you are attacking, the user account you are up against and then load an appropriate wordlist to try via the Load Password File button






Oscanner : 

                is an Oracle assessment framework developed in Java. It has a plugin-based architecture and comes with a couple of plugins that currently do:

- Sid Enumeration
- Passwords tests (common & dictionary)
- Enumerate Oracle version
- Enumerate account roles
- Enumerate account privileges
- Enumerate account hashes
- Enumerate audit information
- Enumerate password policies
- Enumerate database links

Download Link :

Version 1.0.6 source oscanner_src_1_0_6.zip
Version 1.0.6 binary oscanner_bin_1_0_6.zip





Oracle Auditing Tool :

                                 Exploits some of the known vulnerabilities of Oracle. Includes SID Enumeration, Passwords tests [common/ dictionary]. Supports attachment of malformed shell codes with TCP packets for crashing the remote server or gain DBA privileges on it.

 Download Link : http://sourceforge.net/projects/oracleauditor/files/latest/download

 


Secure Oracle Auditor :

                                   is an Oracle auditing and Oracle security vulnerability assessment software which is capable of scanning multiple Oracle database servers. This Oracle security software provides Oracle audit tools, Oracle password tools, database scanner software and Oracle security tools for penetration testing.  Secure Oracle Auditor™ identifies the database security threats in Oracle database that contains significant and precious information which is essential for the organization's success.






Secure SQL Auditor (SQA) :

                                        is a SQL security software that conducts database server security auditing & includes vulnerability assessment tools for SQL database server. It is a network based SQL security assessment tool capable of scanning multiple database servers. Secure SQL Auditor™ performs the massive task of identifying vulnerabilities and threats present in MS SQL database server. It helps administrators in closing loopholes which provide direct access to SQL database servers and lead to monetary, reputational and informational losses.