SecurityWeek

Application Security

Six Essential (Free) Tools For Security Teams

Information security is a big topic with a lot of disciplines, and hardly anyone is an expert in all of them. The good news is that there are some truly remarkable free tools out there that not only help you and your team get things done, but also provide a great way to learn new security skills quickly. The list below introduces what I consider to be some of the most essential tools in particular areas of security. Keep in mind that this is a list of my personal favorites and is not in the least bit intended to be authoritative. So if you don’t see your favorite tool, please add it in the comments at the bottom.

Network Tools: Wireshark

Wireshark is the industry standard for packet analysis of network traffic, and it is indispensable for everything from troubleshooting network performance problems to in-depth analysis of malware and attack traffic. Many security products save packet captures of the network events they flag, and Wireshark makes it easy to open these pcaps and see exactly what is going on. Just as importantly, the Wireshark project provides a wealth of tutorials and training material on its site to get you up and running quickly. Packet captures are also readily available for virtually any type of network-based threat, so you can learn from real-world examples; Netresec maintains a very useful aggregated list of sample PCAPs for security professionals. Furthermore, as you dig into the details of protocols and specific threats, the byte-level view Wireshark gives you of each dissected field is exactly what you need when writing custom signatures for an IDS/IPS.
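To make concrete what Wireshark's dissectors do when you open a pcap, here is an added example (not code from the article or from the Wireshark project) that builds a tiny pcap file in memory holding one constructed DNS query and then dissects it layer by layer, Ethernet to IPv4 to UDP to DNS, verifying the IP header checksum along the way. The MAC addresses, IP addresses, ports and query name are all made up for the illustration.

```python
"""Pure-Python pcap dissection of the kind Wireshark does for you.

Added example, not code from the article or the Wireshark project. A tiny pcap
holding one constructed DNS query is built in memory, then dissected
Ethernet -> IPv4 -> UDP -> DNS. Addresses, ports and names are made up.
"""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4        # classic microsecond pcap (not pcapng)
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 for a valid IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_dns_query(qname: str, txid: int = 0x1234) -> bytes:
    """Standard recursive A query (QTYPE 1, QCLASS IN) for qname."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet/IPv4/UDP frame; UDP checksum left 0 (permitted over IPv4)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0xABCD, 0x4000, 64,
                     IPPROTO_UDP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]   # fill checksum
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + udp


def build_pcap(frames, ts=1700000000):
    """24-byte global header followed by a 16-byte record header per frame."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", ts + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def parse_dns_name(data, offset):
    """Decode a DNS name, following RFC 1035 compression pointers."""
    labels, end, jumped = [], offset, False
    while True:
        length = data[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:        # pointer to a name earlier in the message
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), (end if jumped else offset)


def dissect_pcap(blob):
    """Return one dict per record, like a row in Wireshark's packet list."""
    magic = struct.unpack("<I", blob[:4])[0]
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap (pcapng or corrupt?)")
    if struct.unpack(endian + "I", blob[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only the Ethernet link type is handled here")
    records, off = [], 24
    while off + 16 <= len(blob):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", blob[off:off + 16])
        frame = blob[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        rec = {"ts": ts_sec + ts_usec / 1e6, "proto": "other"}
        if struct.unpack("!H", frame[12:14])[0] == ETHERTYPE_IPV4:
            ip = frame[14:]
            ihl = (ip[0] & 0x0F) * 4
            rec.update(src=socket.inet_ntoa(ip[12:16]), dst=socket.inet_ntoa(ip[16:20]),
                       ip_checksum_ok=ip_checksum(ip[:ihl]) == 0, proto="ip/%d" % ip[9])
            if ip[9] == IPPROTO_UDP:
                sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
                rec.update(proto="udp", sport=sport, dport=dport)
                if 53 in (sport, dport):
                    dns = ip[ihl + 8:]
                    txid, flags = struct.unpack("!HH", dns[:4])
                    qname, qend = parse_dns_name(dns, 12)   # question follows 12-byte header
                    qtype = struct.unpack("!H", dns[qend:qend + 2])[0]
                    rec.update(proto="dns", txid=txid, qname=qname, qtype=qtype,
                               is_response=bool(flags & 0x8000))
        records.append(rec)
    return records


if __name__ == "__main__":
    pcap = build_pcap([build_frame("10.0.0.5", "10.0.0.1", 50000, 53, build_dns_query("example.com"))])
    for rec in dissect_pcap(pcap):
        print(rec)
```

Run it and the single record prints with the source and destination addresses, the UDP ports, the query name and a checksum verdict; feed the same bytes to Wireshark (write `pcap` to a file) and the Packet Details pane shows the identical fields. Real captures from modern tools are often pcapng rather than classic pcap, which is why the dissector checks the magic number before anything else.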

System Tools: Sysinternals

Sysinternals is a suite of utilities for the Windows family of operating systems, and it is a must-have for anyone who needs to find out what is going on behind the scenes on a Windows machine. For example, have you ever looked at the long list of svchost.exe processes in Windows Task Manager and wondered what they were really doing? Fire up Process Explorer from Sysinternals and you can see not only which services each service host is running, but also the individual threads, the registry keys it has open, and the files and DLLs loaded into the process. For a security professional these tools are incredibly helpful for analyzing malware or investigating machines that may be infected. Since malware regularly injects into other running applications to avoid being seen, it is very useful to see exactly what is going on inside a particular process. This is just the tip of the iceberg: Mark Russinovich, one of the masterminds behind Sysinternals, maintains a stellar library of exercises, case studies, and walkthroughs of real-world problem solving using the suite.

Pen Testing: Kali Linux and Metasploit

Kali Linux is a veritable supergroup of free security tools, and the beauty is that it comes prepackaged as an integrated distribution, including ready-made virtual machine images. Kali is the successor to BackTrack Linux, and it is organized to support each phase of a network penetration test, spanning reconnaissance, exploitation, persistence, and in-depth forensic analysis. The distribution consolidates many industry-standard tools, including Wireshark, Nmap, and a variety of password-attack tools such as Hydra. Kali also includes Metasploit, a rockstar of security tools in its own right. Metasploit lets you develop and test exploits against vulnerable machines very easily. Metasploit is developed by Rapid7, which provides several other free and freemium tools, including an intentionally vulnerable virtual machine (Metasploitable) to use for testing your exploits. As with any offensive tooling, only point these tools at systems you own or are explicitly authorized to test.

Web Application Testing Tools: OWASP – ZAP

Websites and web applications have become mission critical for almost every organization, and their constant exposure to the Internet makes them some of the most popular targets for attackers. The Open Web Application Security Project (OWASP) is an open, vendor-neutral organization dedicated to web application security, and it provides a range of very powerful tools. The Zed Attack Proxy (ZAP) is one of the best of these, and it is a very complete solution for testing and finding vulnerabilities in web applications. As the name implies, ZAP acts as a proxy sitting between the browser and the web server. This lets ZAP see every interaction with the server, and it even provides some debugger-esque features: the tester can set breakpoints and modify requests and responses in flight. It offers passive scanning (checks run on the traffic ZAP sees, without sending anything extra) and active scanning (which sends attack payloads, so use it only against applications you are authorized to test), spiders to find hidden pages, and fuzzing to tease out the less expected vulnerabilities. Since everything from OWASP is free, you get every feature without worrying that you will be upsold when you need a particular one.
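The passive side of a proxy like ZAP is easy to underestimate: a great deal of value comes from simply inspecting each response that passes through. The following is an added example, not ZAP's own code, of passive checks of that kind run over a constructed HTTP response. The response text, the URL and the request parameter are made up for the illustration; the rule names are this example's own.

```python
"""Passive response checks of the kind an intercepting proxy runs on
everything it sees.

Added example, not ZAP's own code. The HTTP response below is constructed for
illustration; the URL, parameter values and rule names are made up.
"""
import re

# Constructed sample response (not captured from any real site).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/\r\n"
    "Set-Cookie: csrftoken=xyz; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n"
    "<html><body>Results for: <b>alice</b></body></html>"
)
SAMPLE_PARAMS = {"q": "alice"}          # what the tester sent in the request
REQUIRED_HEADERS = ("content-security-policy", "x-content-type-options",
                    "strict-transport-security", "x-frame-options")


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status line, [(name, value)], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def passive_scan(raw, url, params=None):
    """Return (rule, evidence) findings; nothing is ever sent to the target."""
    _status, headers, body = parse_response(raw)
    values = lambda name: [v for n, v in headers if n == name]
    findings = []
    https = url.lower().startswith("https://")

    # Cookie attributes: every Set-Cookie header is judged on its own.
    for cookie in values("set-cookie"):
        cname = cookie.split(";")[0].split("=", 1)[0].strip()
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if https and "secure" not in attrs:
            findings.append(("cookie-no-secure", cname))
        if "httponly" not in attrs:
            findings.append(("cookie-no-httponly", cname))
        if not any(a.startswith("samesite=") for a in attrs):
            findings.append(("cookie-no-samesite", cname))

    # Headers that should be present on HTML responses.
    ctype = (values("content-type") or [""])[0].lower()
    if ctype.startswith("text/html"):
        for name in REQUIRED_HEADERS:
            if name == "strict-transport-security" and not https:
                continue                      # HSTS only means anything over TLS
            if not values(name):
                findings.append(("missing-header", name))
        if "charset=" not in ctype:
            findings.append(("content-type-no-charset", ctype))

    # Version strings in Server / X-Powered-By help an attacker pick exploits.
    for value in values("server") + values("x-powered-by"):
        if re.search(r"\d+\.\d+", value):
            findings.append(("version-disclosure", value))

    # Reflected input: a request parameter echoed verbatim into the body is the
    # starting point for an XSS check (an active scan would then inject payloads).
    for pname, pvalue in (params or {}).items():
        if len(pvalue) >= 4 and pvalue in body:
            findings.append(("reflected-param", pname))

    return findings


if __name__ == "__main__":
    for rule, evidence in passive_scan(SAMPLE_RESPONSE, "https://app.example.test/search", SAMPLE_PARAMS):
        print("%-24s %s" % (rule, evidence))
```

On the sample response this flags the session cookie (no Secure, HttpOnly or SameSite), three missing headers, a Content-Type without a charset, the Apache version string, and the reflected `q` parameter, while the hardened `csrftoken` cookie produces nothing. The scheme of the URL matters: the same response served over plain http:// should not be faulted for a missing Secure flag or HSTS header, which is why the checks take the URL as input rather than looking at the response alone.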


Browser-based Pen Testing: BeEF

Web browsers have become some of the most popular initial targets for attackers looking to compromise an end user’s machine. Once compromised, these machines make very powerful beachheads for deeper infiltration of a network. The Browser Exploitation Framework (BeEF) focuses on exactly this sort of attack, with a pen-testing suite built around client-side attacks. BeEF works by hooking a web browser with a JavaScript payload (delivered, for example, through an XSS flaw or a page the tester controls) and then using that browser to reconnoiter the environment, find additional vulnerabilities, and maintain access for ongoing testing. This includes the ability to fingerprint the network the client machine is on, log the user’s keystrokes, and even enumerate social media services the user is logged into. The framework also enables browser redirection and clickjacking, as well as testing of XSS attacks. Client-side vectors are very popular in the wild but are often poorly understood even in security circles, and BeEF provides a great way to learn about them and see them in action.

While free tools aren’t the answer to every problem, they probably should be part of your security toolkit. Even better, they provide an easy way to learn about new security technologies and give your team hands-on experience. Of course, these are just a few of the many incredible tools available online, so please comment with your own favorites, and have fun!
