auditing
How to conduct an internal audit according to ISO 27001 and BS 25999-2
The key purpose of an internal audit is for an organization to find out if all the processes and activities are running as they are expected. An internal audit is usually …
BackTrack 5 Wireless Penetration Testing Beginner’s Guide
Wireless technologies are inherently insecure and can be easily broken. BackTrack is a penetration testing and security auditing distribution that comes with a myriad of …
GlobalSign audit reveals only isolated web server breach
GlobalSign – the CA that has been named by the Comodohacker as also compromised and has stopped issuing certificates until it finished investigating these claims – …
Mozilla requests Firefox CAs to confirm they haven’t been compromised
As Google began notifying users that have been possibly affected by man-in-the-middle attacks through the use of the rogue SSL certificate issued by compromised CA DigiNotar, …
Cyber crooks misusing audit tool to breach VoIP servers
Every now and then, cyber criminals misuse “good” software in order to do bad things, and the latest instance of this modus operandi has been spotted by NSS Labs …
WebSurgery: Suite for security testing of web applications
WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with the web application planning and exploitation. …
Virtualized scanners and report customization for security assessment
Qualys announced a new edition of the QualysGuard Consultant service, featuring virtualized scanner appliances (vScanners) and a report customization module. The new edition …
Faster password hashes cracking based on the DES algorithm on CPUs
Openwall released an updated version of John the Ripper, a password security auditing tool and open source project, providing the community with improvements in the …
Qualys recertifies its cloud computing FDCC auditing service
QualysGuard is recertified for FDCC compliance by NIST as conforming to the Security Content Automation Protocol (SCAP) and its component standards. The QualysGuard FDCC …
Web Application Attack and Audit Framework 1.0 released
The Web Application Attack and Audit Framework’s (w3af) goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. …
GFI LANguard 2011 released
GFI Software launched GFI LANguard 2011, the latest version of the network vulnerability scanning and patch management solution. GFI LANguard 2011 is the first network …
Security auditing tools and challenges
James Tarala is a principal consultant with Enclave Security. He is a regular speaker and senior instructor with the SANS Institute as well as a courseware author and editor …