Security Assessment Tools

Tools

The following tools should be used in combination to conduct security assessments.


Rapid 7 Nexpose (RIT Enterprise Licensed by ISO)

Unified vulnerability management enterprise solution


Nessus

Network Vulnerability Scanner


CIS Score

Security Consensus Operational Readiness Evaluation provides various security checklists.


Secunia Vulnerability Scanners

Secunia Software Inspectors provide detection and assessment of missing security patches and end-of-life programs.


Microsoft Baseline Security Analyzer (MBSA)

MBSA helps determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance.


Nipper

Nipper enables network administrators, security professionals and auditors to quickly produce reports on key network infrastructure devices.


Scrawlr

HP SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities.


Core Impact

Penetration testing software


Qualys

Provides a suite of tools for:

  • Vulnerability Management
  • Policy Compliance
  • PCI Compliance
  • Web Application Scanning

NMAP

Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing.


BidiBlah

The BiDiBLAH utility is a framework that can be used to assist in automating existing vulnerability assessment tools.