Breaking News - Security:
SPI Dynamics Announces Automated ToolKit For Penetration Testers
SPI Dynamics Inc announced SPI ToolKit, the first and only comprehensive,
automated professional ToolKit designed for application security penetration
testers. Commercially supported to provide penetration testers with a
reliable, up-to-date set of tools, SPI ToolKit helps assess enterprise
environments for critical flaws within the security infrastructure.
The SPI ToolKit consists of productivity tools that allow penetration testers
to test Web applications at a more advanced, in-depth degree than possible
manually or with automated vulnerability assessment tools. With a wide-ranging
array of tools, pen testers can identify critical vulnerabilities by engaging
specific attempts at penetrating the Web application. SPI ToolKit users
benefit from a commercially supported product that ensures reliability,
updates, and ease-of-use. WebInspect customers can also upgrade their existing
tool set to include these advanced tools for simplifying complex testing
methods such as SQL injection, cookie analysis and HTTP fuzzing.
"SPI Dynamics built the SPI ToolKit based on our core expertise and years of
specific focus on Web application security issues in order to adequately
address the needs of our customers requesting automated tools that will
aggressively and effectively assess the Web application risks facing
organizations," said Caleb Sima, founder and CTO of SPI Dynamics. "Compared to
freeware tools available in the market today, and based on the feedback of
customers, the SPI Toolkit provides the ability for security professionals to
produce a more thorough assessment of a corporate infrastructure's Web
application risks with automated, in-depth tools that are very easy to use and
powerfully reliable."
Features of the SPI ToolKit include:
- Cookie Cruncher -- Analyzes cookies to determine predictability.
- Encoders/Decoders -- Translates different encryption standards.
- HTTP Editor -- Creates, edits, sends and receives HTTP requests -- Regex
Tester -- Tests regular expressions.
- SOAP Editor -- Creates, edits, sends and receives SOAP requests.
- SQL Injector -- Automates the exploitation of SQL injection
vulnerabilities.
- SPI Fuzzer -- HTTP fuzzing or modification of input variables.
- SPI Proxy -- Stand-alone, self-contained proxy server that can be
configured and run on a desktop to monitor traffic for debugging and
penetration assessments; provides ability to view every request and server
response while browsing a site.
- Web Brute -- Brute force tool to test strength of usernames and passwords
used in login forms or authentication pages.
- Web Discovery -- Discovery tool to identify Web servers and which
applications are behind which ports.
The SPI ToolKit is part of SPI Dynamics' integrated suite of products to
address Web application security throughout all phases of the application
lifecycle -- from development to QA to production and audit. The introduction
of SPI ToolKit continues to deliver on SPI Dynamics' leadership role in
application security and vision of providing in-depth solutions for addressing
security for all enterprise users involved in application development.
SPI Dynamics' product line helps organizations streamline security assurance
by offering an automated security testing process for each group within their
existing work environments, including Microsoft Visual Studio .NET, IBM
WebSphere and Mercury TestDirector, providing the security expertise needed to
develop secure applications on time in compliance with internal best practices
and external regulations.
|
