Инструменти за тестове и самообучение по информационна сигурност

Mozilla Observatory

You can access Mozilla Observatory at:

https://observatory.mozilla.org/

Mozilla Observatory is a free and open source website security scanner that works on top of a Python code base. Mozilla claims that the tool has helped over 125,000 security professionals to configure their sites in a secure manner. It is, therefore, a great avenue for cybersecurity enthusiasts to learn. To use the tool, you just need to copy and paste the URL or domain name of a website into the Observatory, and then click on the Scan Me button. A scan will be conducted and a security report about the website will then be presented. The report includes important security elements such as OWASP header security and TSL best practices. The Observatory is also capable of performing third-party tests from SSL Labs, High-Tech Bridge, and HSTS preload. The security tool also provides links to quality resources that can be used to rectify the identified security issues.
The report is useful for web developers and security admins because it allows them to identify the vulnerabilities on their websites, thus making them safer. A big advantage of this tool is that a user can also schedule automatic security scans after a certain duration. This helps in the monitoring of the website, as the user is notified if their website has any newly developed security issues.

Източник: 





Cybersecurity: The Beginner'sGuide - Dr. Erdal Ozkaya

Инструменти за тестове и самообучение по информационна сигурност

The Root Me password generator

The Root Me password generator can be visited at:

 https://www.root-me.org/spip.php?page=outils&inc=password&lang=en

To date, weak passwords are still a major threat to the security of organizational data and systems. The Root Me password generator is a security tool used to generate user passwords that users can then use to gain access to their account.
There are a number of fields that a user is required to enter, such as password length and additional characters, before clicking on the Generate password button. The tool will then use brute force to try and guess the correct password for a given user account.
This tool is important because when conducting a penetration test, it is common for a user to try and access accounts with weak passwords. The tool will, therefore, be used to identify weak passwords and develop an effective password policy that will ensure that users select passwords that cannot be hacked using common password hacking tools.

Източник: 




Cybersecurity: The Beginner'sGuide - Dr. Erdal Ozkaya

Инструменти за тестове и самообучение по информационна сигурност

Hacking-Lab

Hacking-Lab can be visited at:

https://www.hacking-lab.com/Remote_Sec_Lab/

Hacking-Lab is a free online ethical hacking lab that offers a virtual platform where you can conduct penetration tests. The tool also incorporates several computer network and security challenges that you can attempt in order to build hands-on experience on various networking and security aspects. Hacking-Lab's goal is to promote awareness of ethics in information security. This is achieved using cybersecurity competitions that test important aspects of cybersecurity such as forensics, cryptography, reverse engineering, and cyber defense. The tool is provided for free to foster an environment that creates cyber protection by equipping cybersecurity professionals with relevant knowledge and skills. The tool is also licensed to a number of universities worldwide for educational purposes with the goal of building young cyber talent that can meet the needs of the current business environment and encourage learners to pursue careers in cybersecurity.


Източник: 



Cybersecurity: The Beginner'sGuide - Dr. Erdal Ozkaya

Инструменти за тестове и самообучение по информационна сигурност

F-Secure Router Checker

This is a networking security lab that helps you to check whether a router has been hijacked by cybercriminals. It can be found at:


https://www.f-secure.com/en/home/free-tools/router-checker


A common threat today is DNS hijacking; one of the ways in which it is
carried out is through unauthorized modifications of a router's configurations so that a third party can monitor, control, or redirect the traffic that is passing through the router.

This security lab teaches you how to easily check whether a router has fallen victim to DNS hijacking. This knowledge can help victims stop attacks early enough before any significant damage is done. For example, in a situation where a router's DNS has been hijacked, a quick test using this tool will detect the attack and recommend an appropriate cause of action. This will prevent a user from being redirected to fake versions of genuine sites, such as in online banking, where their records or login credentials can be stolen and used to access their bank accounts. The tool is also important because it detects vulnerabilities or misconfigured settings in routers that can be exploited by criminals to harm users.


Източник: 



Cybersecurity: The Beginner'sGuide - Dr. Erdal Ozkaya

Инструменти за тестове и самообучение по информационна сигурност

Sucuri

Sucuri can be viewed at:

https://sitecheck.sucuri.net/ 

It is a security scanner that cybersecurity professionals can use to find out the vulnerabilities in a website. The system provides an interface where users enter the URL of the websites to be scanned. The security tool will then scan the websites for known malware, blacklisting status, errors, and out-of-date software.

The Sucuri system can also be used to ensure that a given web application is clean, fast, and protected. In case malware is detected, the concerned security profession will be able to delete it so that the performance and security of the application are not compromised. The security tool can also detect out-of-date software, such as content management systems, which are common sources of security vulnerability. It will, therefore, be possible to update the software to secure versions in order to minimize exposure to security risks.

Източник: 


Cybersecurity: The Beginner'sGuide - Dr. Erdal Ozkaya

Инструменти за тестове и самообучение по информационна сигурност

Acunetix Vulnerability Scanner

This is a security auditing tool that can be found at: 

https://www.acunetix.com/vulnerability-scanner

It is used by cybersecurity professionals to identify vulnerabilities in web applications that are hosted on the cloud. The use of web applications has increased over the last decade. At the same time, criminals are exploiting the vulnerabilities that are in internet protocols to cause havoc and to benefit financially by stealing confidential information that is sold on the black market. This tool, therefore, provides webmasters or cybersecurity professionals with a free cloud-based system that they can use to detect two of the most common vulnerabilities in web applications. The free version of the tool has limited functionalities compared to the paid version, but it can still provide valuable information that can be used to harden a given web application.
The tool offers an interface with a control panel where a user can select the type of scan, the vulnerabilities to be scanned, reports, settings, and the target system. After a user provides the required information, the scan is conducted and a detailed report outlining the detected vulnerabilities is generated. The security tool also suggests suitable actions that a user can
take to remedy the loopholes.
Acunetix is a useful security tool that can detect more than 4,500 web application vulnerabilities. Moreover, it can scan open source and custom-built applications to detect security loopholes that can be used to compromise the security of web applications.
Acunetix online scanner can also scan perimeter servers for weaknesses and give suggestions on the appropriate cause of action to rectify these weaknesses. The security tool is, therefore, an effective security tool for detecting and rectifying security weaknesses in web applications.

Източник: 


Cybersecurity: The Beginner'sGuide - Dr. Erdal Ozkaya