Author: Bill Ricardi
I'm going to make an assumption here. I assume that people who test on uTest like the monetary rewards associated with testing. Don't get me wrong, I love the thrill of the bug hunt as much as the next guy. But I'm a professional. I expect to get paid for my efforts, and I don't like wasting my time. I also hate investing hundreds of dollars in expensive software that might never pay for itself.
In recent years, I've gone to an entirely free and mostly open source software testing platform. The dedication of the open source community helps keep the software safe from infection, and as bug-free as possible. If anything, my typical bug-per-hour and bug quality statistics have gone up slightly.
I'm not going to recommend any specific piece of software other than Open Office. You need to read about them and match your tools to your personal preference, experience level, and operating system. However, I will mention that you should have software that covers the following aspects of security testing:
In order to discover, research, and download these tools, I've assembled a collection of security software archives for you to explore:
http://www.opensourcetesting.org/ - One of the most comprehensive open source security testing archives around.
http://lifehacker.com/5487500/five-best-vpn-tools - A collection of the best VPN software, all but one of which are free.
http://sectools.org/ - Sponsored by the team over at Insecure, this is a compilation of the results of software surveys taken in the security testing community.
http://www.networksecurityjournal.com/features/open-source-security-tools-applications-resources-041007/ - A good collection of white hat security tools.
In addition, here are some resources that you will find yourself using over and over again:
http://www.cxo.eu.com/news/password-protected/ - A great analysis of the most commonly used passwords, and the most secure.
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers - The well-known TCP and UDP port list.
http://www.phenoelit-us.org/dpl/dpl.html - The default password list for an amazing array of network devices.
http://www.defaultpassword.com/ - The default password database, where you can look up and contribute the default password on all sorts of networked and non-networked devices.
http://www.googlelabs.com/ - Not only is Google a great search engine, but they have created a comprehensive suite of free resources that is expanding every day.
Without a doubt, the free and open source community can launch your security testing career. Don't pay for a security product until you've tried the open source alternative!