
Block II - Platforms and Integration of Systems and Tools

MODULE A -
CRYPTOGRAPHY
Cryptographic Tools

bisite.usal.es | 1
Contents
Security testing
    Vulnerability scanning
    Dependency checkers
Testing tools
    SSL/TLS Testing
    SQL Injection testing
Vulnerability prevention
    XSS Prevention
    Security headers
Personal security
Universidad de Salamanca

Tools for Cryptography and Cryptanalysis

Security testing
Vulnerability scanning

• AppScan Standard, AppScan Source (OnPrem) - powerful standalone security
scanner for vulnerabilities in Web-based applications (to download go to
http://w3.ibm.com/software/xl/download/ticket.do and search for AppScan Standard
Edition and AppScan Source for Analysis, respectively)

• Application Security on Cloud (ASoC) - cloud based security scanner recommended
for source, mobile, and vulnerable dependency application scanning

• Contrast - embeddable vulnerability scanner

• Nessus - general purpose vulnerability scanner

• nmap - free infrastructure and vulnerability scanner


• Seatbelt - lightweight security scanner that can be integrated into delivery
pipelines (developed by IBM EH Dublin)
• SonarQube - open source static code analysis tool that checks for bugs,
questionable code, and security vulnerabilities

Dependency checkers

• Application Security on Cloud (ASoC) - cloud based security scanner recommended
for source, mobile, and vulnerable dependency application scanning

• OWASP Dependency Check - open source tool for checking for vulnerabilities in 3rd
party components

• Snyk - Dependency vulnerability scanning.


Master en Blockchain

Testing tools

• BURP, ZAP - HTTP proxies useful in manual testing, but which also include a
layer of security testing

• Kali Linux - A Linux distribution targeted at security testing, it includes many
useful open source security testing tools.

SSL/TLS Testing

• SSLTest - SSL/TLS security testing for externally-facing Web sites

• sslscan - SSL/TLS security testing for intranet Web sites

• cipherscan - SSL/TLS cipher verification, will work for non-HTTPS connections


• SSLyze - SSL/TLS security scanner

SQL Injection testing

• sqlmap - tool for testing for SQL injection vulnerabilities


Vulnerability prevention
XSS Prevention

JavaScript

• Angular - Client-side JavaScript library for interface development.

• React - Client-side JavaScript library for interface development.

• Vue - Client-side JavaScript library for interface development.


• xssStrings - Lightweight XSS JS Util to be included in client side Unit and
Usability Tests (developed by IBM EH Dublin)

Java

• OWASP Java Encoder - Basic output encoding library for outputting HTML in
Java.

• OWASP AntiSamy - Highly Configurable HTML/DOM parsing with XSS
Prevention in Java.

• OWASP HTML Sanitizer - Actively maintained Java HTML encoding library

Security headers

• Helmet - NodeJS - middleware for Koa and Express to add common HTTP
security headers.

Personal security
• NoScript - browser plugin for selective disabling of scripts on untrusted sites.

• 1Password - Password manager, cloud-based w/excellent mobile apps.

• LastPass - Password manager, cloud-based w/excellent mobile apps.

• KeePassXC - Password manager, self-hosted w/excellent mobile apps.

• VeraCrypt - File and portable device encryption. Successor to TrueCrypt.
