Security Tools and Assessments

Greetings EE'ers,

This is a bit of an open ended question, but what do you all use or recommend as tools or practices for performing IT security assessments?
James FryEnterprise Solutions ArchitectAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dmitri FarafontovLinux Systems AdminCommented:
Nessus, MetaSploit come to mind.
1
masnrockCommented:
Nmap, Nessus (already mentioned), OVAS... Kali Linux contains a lot of great tools as well
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pma111Commented:
MBSA is good for routing out issues such as open shares missing patches and general misconfigurations on ms OS and server apps like  Mssql and IIS
0
Defend Against the Q2 Top Security Threats

Were you aware that overall malware worldwide was down a surprising 42% from Q1'18? Every quarter, the WatchGuard Threat Lab releases an Internet Security Report that analyzes the top threat trends impacting companies worldwide. Learn more by viewing our on-demand webinar today!

masnrockCommented:
If you need an alternative to Nessus, there's Nexpose. There's also OpenVAS (which I should've better clarified in my last post, as that's what OVAS meant)
If you're looking for pen test tools, you could look at Metasploit.
Packet capture, Wireshark
Web applications, Burp Suite

There's a lot of aspects you can look at this from....
0
nociSoftware EngineerCommented:
how about testing humans...? with like rubber-ducky or other "usb-keys"...
there are a few DEFCON youtube presentation aout Social Engineering... and people claiming to be able to
talk themselves into any company....

https://www.youtube.com/watch?v=UpX70KxGiVo
https://www.youtube.com/watch?v=cI9xOR7xEi0
https://www.youtube.com/watch?v=fui9AVpp1wo
And a lot more....

Interesting guy:
https://www.youtube.com/watch?v=UNgvShN4USU
also did somthing like:
Poisontap....
see more: https://samy.pl/
0
James FryEnterprise Solutions ArchitectAuthor Commented:
Thanks everyone.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Vulnerabilities

From novice to tech pro — start learning today.