At Secure Ideas we are a team of security and technology geeks. As such we love to give back to the community whenever we can. That's what this page is all about! Here are some of our favorites:
Keep up with what's happening at Secure Ideas by following our twitter feed:
We lead and contribute to several familiar Open Source security projects. Below are some of our favorites (click for more details):
The Samurai Web Testing Framework is a VMWare linux environment that has been pre-configured to function as a web pen-testing environment. The distribution contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
In addition to tools, the Samurai Web Testing Framework comes equipped with several vulnerable target websites. While on a host-only virtual network these provide a safe learning environment in which to practice all sorts of web penetration testing activities.
The MobiSec Mobile Testing Framework project is a Virtual Machine Linux distribution for testing mobile environments, including devices, applications, and supporting infrastructure. The purpose is to provide attackers and defenders the ability to test their mobile environments to identify design weaknesses and vulnerabilities. The MobiSec distribution provides a single environment for testers to leverage the best of all available open source mobile testing tools, as well as the ability to install additional tools and platforms, that will aid the penetration tester through the testing process as the environment is structured and organized based on an industry-proven testing framework.
Laudanum is a collection of injectable files, in multiple languages for different environments, designed for use in a penetration test when SQL injection flaws are discovered. This collection of injectable files provides functionality such as shell, DNS query, LDAP retrieval, and others.
The purpose of this Burp extension is to improve efficiency of manual parameter analysis for web penetration tests of either complex or numerous applications. This can assist in tasks such as identifying sensitive data, identifying hash algorithms, decoding parameters, and determining which parameters are reflected in the response. This extension performs an in-depth and intelligent parameter analysis of all in-scope Burp traffic. Results are displayed in an interactive table and can be sent directly to other Burp tools such as Repeater.
The CO2 Burp extension includes a variety of functionality to enhance certain web penetration test tasks, such as an interface to make interacting with SQLMap more efficient and less error-prone, various tools for generating lists of users, a Laudanum exploitation shell implementation, and even a word masher for generating passwords. CO2 is available in the BApp Store and works with both the free and pro version of Burp.
Below are other open source projects we have also worked on, including several legacy projects:
|Sh5Ark||Securing HTML5 Assessment Resource Kit - open project providing a repository of HTML5 features, proof-of-concept attack code, and filtering rules.||sh5ark.secureideas.net|
|Weaponized Flash||An open source project focused around creating Rich Internet Application (RIA) objects for use during penetration tests.||Sourceforge: weaponizedflash|
|BASE||Basic Analysis and Security Engine (BASE) is based on the code from the Analysis Console for Intrusion Databases (ACID) project.||Sourceforge: secureideas|
|Yokoso||A project focused on creating fingerprinting code that is deliverable through some form of client attack. This can be used during penetration tests that combine network and web applications.||yokoso.secureideas.net|
|SecTools||Collection of open source security tools that enhance the ability of people and companies to secure their environment.||Sourceforge: sectools|
|SharePoint (SPScan)||SPScan is a tool written in Ruby that enumerates a SharePoint installation gathering information about the version and installed plugins.||Sourceforge: spscan|
If you have suggestions or are interested in contributing to any of these projects please Email Us.
We are so passionate about security topics, tools, and tricks & tips, that we will often blog about them or talk about them in webcasts. Check out some of that content here:
We are proud to work with each of our clients to help them improve their security posture. Here is what some of our clients have said about us:
We look forward to our continued working relationship with Secure Ideas. You guys are just so Professional......ly EVIL!!! Ha!!!Tim Craig, VyStar Credit Union
Secure Ideas provides cost effective, highly professional solutions that have been delivered in a timely fashion year after year to Info Tech, Inc.Aaron DeSha, InfoTech, Inc.
Kevin and Secure Ideas stay current on all the latest vulnerabilities and offer a wealth of information and experience.Tim Donovan, Financial Network, Inc.