Posts

Security Software & Tools Tips – April 2019

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth

This month we have chosen for the following:
*
Ghidra
* Angry IP Scanner
* Maltego
* Detectify
* Autopsy

Ghidra

Information from the Ghidra website:

Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux.

Website:

https://github.com/NationalSecurityAgency/ghidra

Angry IP Scanner

Information from the Angry IP Scanner website:

Angry IP Scanner (or simply ipscan) is an open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses and ports as well as has many other features.

Website:

https://angryip.org/

Maltego

Information from the Maltego website:

Maltego is an interactive data mining tool that renders directed graphs for link analysis. The tool is used in online investigations for finding relationships between pieces of information from various sources located on the Internet.

Website:

https://www.paterva.com/web7/buy/maltego-clients/maltego-ce.php

Detectify

Information from the Detectify website:

Detectify performs automated security tests on your web application and databases and scans your assets for vulnerabilities including OWASP Top 10, CORS, Amazon S3 Bucket and DNS misconfiguration.

Website:

https://detectify.com

Autopsy

Information from the Autopsy website:

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera’s memory card.

Website:

https://www.sleuthkit.org/autopsy/

Photo by chris panas on Unsplash

Star Wars – Good versus Evil

In fairy tales good always triumphs over evil. In real life that is not always the case. To remedy this, we have seen a change in how businesses work on security

In stories like The Lord of the Rings, Cinderella, and Star Wars, good always triumphs over evil. In real life, however, that is not always the case. To remedy this, we have seen a change in how businesses work on security. More and more companies receive aid from the good White Hat Hackers to fight the evil Black Hat Hackers. By utilizing Bug Bounty programs, companies can receive assistance from ethical hackers. Instead of receiving the princess and half the kingdom, hackers who manage to identify vulnerabilities, receive a great reward through the Bug Bounty program.

A Frightening Menace from the Dark Side

Hacker attacks have become more frequent, and more creative. Every day, you hear about it in the media. The demand for security expertise is steadily increasing, and the number of suppliers can’t keep up, both in Sweden and internationally. This has made it ever more important for businesses to use alternative ways of finding the expertise that they need from skilled security experts.

Basefarm’s partner Detectify knows this, and has launched a new platform, Detectify Crowdsource. On this platform, they can invite independent White Hat Hackers (people who hack with good intentions) from all over the world. The initiative was inspired by the Bug Bounty programs, where companies give ethical hackers an opportunity to help them to identify holes in their website’s security. This is a way of enhancing their own security team by using freelancing security experts and rewarding them for their discoveries. The hacker world is global, and everyone has their own specialty, for example web applications, mobile applications, IOT & firmware, API, network application, and network infrastructure.

The Light Side of the Force Musters for Battle and Strikes Back

”Detectify Crowdsource helps us in accessing the best security expertise and thus enhances our tools”, says Carl Svantesson, CMO at Detectify. ”In practice, it means that our register of identified ”vulnerabilities” in various programs and technologies becomes wider and can cover niche areas.”

Through their platform, Detectify receives ongoing reports about the latest vulnerabilities that are discovered by the invited hackers. The vulnerabilities are then built into the tool by the Detectify security team, after a thorough review. For the clients of Basefarm, it means an even more reliable security scan – Vulnerability Assessment, a solution from Detectify, and offered by Basefarm.

May the Force Be With You – Test Your Applications!

Today, it’s not just the tech companies that utilize Bug Bounty programs. The programs are also used by companies in retail, the motor industry, and in banking and finance. It is primarily companies that are especially exposed that choose to start their own Bug Bounty programs, for example through the use of platforms like Bugcrowd. They do this to test their applications and to gain access to expertise and creativity from thousands of ethical hackers.

Five steps towards an increased application security:

  1. Determine the applications that need to be tested for vulnerabilities.
  2. Start work by using an automated vulnerability tool. This is good enough for most companies. If you are a Basefarm or Detectify.com client, you can use Basefarm’s Vulnerability Assessment tool.
  3. Add a manual layer by engaging the hacker world in a Bug Bounty program. This is especially important if your company is exposed to hacker attacks.
  4. Always act quickly when you have identified bugs or vulnerabilities. You can do this by using an automated tool and with a Bug Bounty program. This will enable your team to have the information as soon as a bug is discovered.
  5. Work continuously on security.

About Detectify

Aiming to offer a simple and automated security solution, Detectify was founded by the world’s best White Hat Hackers in 2013. Their solution has already been named Symantec’s Security Expert of the Future and they were also included in Europe’s hottest startups 2016 by Wired. One of the founders, Frans Rosén, came in second place in “HackRead’s 10 Famous Bug Bounty Hunters of All Time”.