Web Application Security Scanner Evaluation Criteria 1.0 released

Web Application Security Scanners are automated tools to test web applications for common security problems such as cross-site scripting, SQL injection, directory traversal, insecure configurations, and remote command execution vulnerabilities. These tools crawl a web application and locate application layer vulnerabilities and weaknesses, either by manipulating HTTP messages or by inspecting them for suspicious attributes.
A large number of web application scanning tools are available, both commercial and open source. Effective use of these tools is an important part of a thorough web application security assessment, and regular security scans are required to comply with security requirements such as section 6.6 of the PCI DSS.

The Web Application Security Scanner Evaluation Criteria (WASSEC) is a set of guidelines to evaluate web application scanners on their ability to effectively test web applications and identify vulnerabilities. It covers areas such as crawling, parsing, session handling, testing, and reporting.

Read More: Here

Grsync: GUI for rsync 0.9.2 released

Grsync is an open source rsync GUI. It can be effectively used to synchronize local directories and it supports remote targets as well (even though it doesn't support browsing the remote folder).

Features:

• Most commonly used rsync options available, additional options may be specified by command line switches
• Saves multiple settings with customized names (no limit on number of "sessions")
• Can do simulation or normal execution
• Captures and prints rsync output nicely on a own window and log to a file
• Parses rsync output to display progress bars and other information
• Highlights errors and show them on a separate window, for better and faster control over rsync runs
• Can pause rsync execution
• A good number of translations available
• Can run custom commands before (and stop in case of failure) and after rsync
• Shell script for batch, crontab use etc. provided (grsync-batch)
• Can import and export sessions on file; i.e. share your settings with people.

Download: Here

Vulnerability scanner SAINT 7.1.3 released

SAINT offers an integration of vulnerability assessment and penetration testing tools.
New features in version 7.1.3:

• Added support for ntlmv2 authentication.
• SAINTwriter: Added option to have no header in reports.
• Added $support_noframes option to allow user to skip the noframes tag for performance reasons.

Read more Here

Anonymizing network I2P 0.7.7 released

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.

Many applications are available that interface with I2P, including mail, peer-peer, IRC chat, and others. I2P is a low latency mix network, and there are limits to the anonymity offered by such a system, but the applications on top of I2P extend it to offer both additional functionality and protection.

I2P version 0.7.7 contains several anonymity improvements. The use of session keys for crypto was completely reworked, and I2PSnark now uses its own tunnels for tracker communication. Work continues on improving the router console, including conformance to HTML standards and better support of UTF-8.

Work also continues on increasing speeds, both by reducing the number of session keys transferred, by improving the methods of dropping messages during overload, and by reducing drops by high-bandwidth routers. There is a new unsigned update option for those of you that would like automatic udpates to bleeding-edge development versions.

The release also contains several changes to reduce memory and CPU usage, and a large assortment of bug fixes.

Download: Here