Hailstorm security tool

I was able to quickly see whether an application had any vulnerabilities and, if so, how severe they were. Although the price tag may run a bit high for smaller businesses, this is an application security tool worth your attention.

Hailstorm requires some horsepower to run its tests: my Pentium 4 3. I used the new Security and Assessment Wizard and manual tools to create my Web application and infrastructure scans.

The wizard greatly reduces the time and effort required to create a scan. All you need is the starting URL, any user log-in information, and the type of scan to run. Each scan level looks progressively harder and deeper at the application, and consequently takes much longer to complete. Advanced scan settings let security managers tweak specific settings while still working from the wizard. Also effective is the ability to create custom traversals (step-throughs) that let you define the specific portions of the application you want to test.

This way, instead of retesting an entire Web application, you can test only the part that has changed. For each traversal, Hailstorm maintains a list of the forms it located in the application. Testers can insert specific values, such as a user name and password, into each form, and can even set the values of check boxes and list boxes. At the heart of Hailstorm are the policies it throws against the application.

As policies are added to a job and traversal, managers can edit policy values to test certain aspects of the application while ignoring others. Admins can also create new policies and add them to the library. This high level of customization makes Hailstorm flexible enough to meet specific testing parameters, yet powerful enough to detect and report security problems.

Also available are infrastructure tests — more than of them — that look at the underlying network structure hosting the Web application. If the heart of Hailstorm is its policies, then the soul has to be its reporting engine.

Based on Crystal Reports, this feature is second to none. Hailstorm creates comprehensive reports that show the results of the test run and the job runs included in the report.

The reports are interactive, allowing managers to drill down into the reports in order to get to the information they need.

I was able to view the HTTP request and response for a particular vulnerability by simply double-clicking my way through the report. Thankfully, the reporting engine is capable of filtering out redundant or unnecessary data from a report.

On large tests with lots of data, this helps reduce excessive data points and makes the report easier to read.
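To make the scan model described in the review concrete (a traversal scoping which forms to test, preset form values, a library of policies run against each field, and a report that records the request and response for every hit and drops duplicates), here is an added Python sketch. It is not Hailstorm's code and assumes nothing about Hailstorm's internals: the target is a constructed in-process handler with a deliberately reflected parameter and a deliberately leaky error page, and the policy names, payloads and detectors are illustrative.

```python
"""Added illustration of a traversal/policy scan, not Hailstorm's code.
The target below is a constructed in-process handler, not a real web app."""
from dataclasses import dataclass, field
from urllib.parse import urlencode


def toy_app(method, path, params):
    """Constructed target: returns (status, body).  /login echoes the user
    name unescaped; /search leaks a database error on a stray quote."""
    if path == "/login" and method == "POST":
        if params.get("user") == "admin" and params.get("pass") == "s3cret":
            return 200, "<h1>Welcome admin</h1>"
        return 200, f"<p>Login failed for {params.get('user', '')}</p>"
    if path == "/search" and method == "GET":
        q = params.get("q", "")
        if "'" in q:
            return 500, "SQL syntax error near '"
        return 200, f"<ul>results for {q}</ul>"
    return 404, "not found"


@dataclass
class Form:
    path: str
    method: str
    fields: dict        # preset values the tester supplied (user name, password, ...)
    test_fields: list   # fields the policies are allowed to mutate
    found_on: str = ""  # page the crawler found the form on

@dataclass
class Policy:
    name: str
    severity: str
    payload: str
    detect: object      # callable(status, body, payload) -> bool

@dataclass(frozen=True)
class Finding:
    policy: str
    severity: str
    path: str
    field: str
    request: str        # what the report shows on drill-down
    response: str

@dataclass
class Traversal:
    name: str
    forms: list = field(default_factory=list)


# Illustrative policy library; names, payloads and detectors are assumptions.
POLICIES = [
    Policy("reflected-xss", "high", "<svg onload=alert(1)>",
           lambda status, body, payload: payload in body),
    Policy("sql-error", "high", "' OR '1'='1",
           lambda status, body, payload: status == 500 and "SQL" in body),
]

# The crawler found the same login form on two pages, plus a search form.
TRAVERSAL = Traversal("login-and-search", [
    Form("/login", "POST", {"user": "admin", "pass": "s3cret"}, ["user", "pass"], "/"),
    Form("/login", "POST", {"user": "admin", "pass": "s3cret"}, ["user", "pass"], "/help"),
    Form("/search", "GET", {"q": "report"}, ["q"], "/"),
])


def run_traversal(app, traversal, policies):
    """Submit every policy payload into every testable field of every form."""
    findings = []
    for form in traversal.forms:
        for fld in form.test_fields:
            for pol in policies:
                params = dict(form.fields, **{fld: pol.payload})
                status, body = app(form.method, form.path, params)
                if pol.detect(status, body, pol.payload):
                    request = f"{form.method} {form.path} {urlencode(params)}"
                    findings.append(Finding(pol.name, pol.severity, form.path,
                                            fld, request, f"{status} {body}"))
    return findings


def dedupe(findings):
    """Report one finding per (policy, path, field); the login form found on
    two pages would otherwise produce the same hit twice."""
    seen, kept = set(), []
    for f in findings:
        key = (f.policy, f.path, f.field)
        if key not in seen:
            seen.add(key)
            kept.append(f)
    return kept


def scan(app=toy_app, traversal=TRAVERSAL, policies=POLICIES):
    return dedupe(run_traversal(app, traversal, policies))


if __name__ == "__main__":
    for f in scan():
        print(f"[{f.severity}] {f.policy} {f.path} field={f.field}\n  {f.request}\n  {f.response}")
```

Restricting `test_fields` and the forms in a traversal is what lets a re-scan cover only the part of the application that changed; the raw request and response stored on each finding are what a reviewer needs to reproduce a hit without re-running the job.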

VirusBay: a web-based collaboration platform that connects security operations center (SOC) professionals with relevant malware researchers.
The new and improved threatnote.
The open, distributed, machine- and analyst-friendly threat intelligence repository. Made by and for incident responders.
AbuseIPDB: a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.
Alexa Top 1 Million sites: the top 1 million sites from Amazon Alexa. Never use this as a whitelist.
It helps users know immediately if an IP, domain or email is blacklisted; it automatically extracts all the information in real time from multiple sources.
APT Groups and Operations.
Binary Defense IP Banlist.
BGP Ranking.
Botnet Tracker.
Real-time certificate transparency log update stream.
A list of digital certificates that have been reported by the forum to various certificate authorities as possibly being associated with malware. This information is intended to help prevent companies from using digital certificates to add legitimacy to malware and to encourage prompt revocation of such certificates.
CI Army List.
Cisco Umbrella.
Critical Stack Intel: free threat intelligence parsed and aggregated by Critical Stack, ready for use in any Bro production system. You can specify which feeds you trust and want to ingest.
Cyber Cure free intelligence feeds: free cyber threat intelligence feeds with lists of IP addresses that are currently infected and attacking on the internet, a list of URLs used by malware, and a list of hashes of known malware that is currently spreading. CyberCure uses sensors to collect intelligence with a very low false-positive rate. Detailed documentation is available as well. The service is offered at no cost.
DigitalSide Threat-Intel.
Disposable Email Domains.
Emerging Threats Firewall Rules: a collection of Snort and Suricata rules files that can be used for alerting or blocking.
Answers the question whether there was a Tor relay running on a given IP address on a given date.
Intercept Security: hosts a number of free IP reputation lists from their global honeypot network.
ZeuS Tracker.
Feodo Tracker (abuse.ch).
The site focuses on cyber crime attacks, abuse and malware.
FraudGuard: a service designed to provide an easy way to validate usage by continuously collecting and analyzing real-time internet traffic.
Grey Noise: a system that collects and analyzes data on internet-wide scanners, including benign scanners such as Shodan.
Offers several feeds, including some that are listed here already in a different format, such as the Emerging Threats rules and PhishTank feeds.
HoneyDB: provides real-time data on honeypot activity. The data comes from honeypots deployed on the internet using the HoneyPy honeypot. HoneyDB also provides API access to collected honeypot activity, including aggregated data from various honeypot Twitter feeds.
Malware sample collection and analysis, blocklist service, vulnerability database, and more.
An open, interactive, API-driven data portal for security researchers. Search a large corpus of file samples, aggregate reputation information, and IOCs extracted from public sources. Augment YARA development with tooling to generate triggers, deal with mixed-case hex, and generate base64-compatible regular expressions.
I-Blocklist: maintains several types of lists containing IP addresses belonging to various categories, including countries, ISPs and organizations; other lists cover web attacks, Tor, spyware and proxies. Many are free to use and available in various formats.
All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. The list consists of IP addresses together with the total number of blacklist occurrences for each. Created and managed by Miroslav Stampar.
Kaspersky Threat Data Feeds: continuously updated feeds that inform your business or clients about the risks and implications associated with cyber threats. The real-time data helps you mitigate threats more effectively and defend against attacks even before they are launched.
Majestic Million: probable whitelist of the top 1 million web sites, as ranked by Majestic. Sites are ordered by the number of referring subnets. More about the ranking can be found on their blog.
Malc0de DNS Sinkhole: updated daily with domains that have been identified distributing malware during the past 30 days. Collected by malc0de.
Maldatabase: designed to help malware data science and threat intelligence feeds. The provided data contains, among other fields, contacted domains, the list of executed processes, and the files dropped by each sample. These feeds allow you to improve your monitoring and security tools. Free services are available for security researchers and students.
Malpedia: the primary goal is to provide a resource for rapid identification and actionable context when investigating malware. Openness to curated contributions is meant to ensure an accountable level of quality and to foster meaningful and reproducible research.
MalShare Project: a public malware repository that provides researchers free access to samples.
Maltiverse Project: a large, enriched IoC database in which it is possible to run complex queries and aggregations to investigate malware campaigns and their infrastructure. It also has a good IoC bulk query service.
Malware Domain List: a searchable list of malicious domains that also performs reverse lookups and lists registrants, focused on phishing, trojans, and exploit kits.
This blog focuses on network traffic related to malware infections. It contains traffic analysis exercises, tutorials, malware samples, pcap files of malicious network traffic, and technical blog posts with observations.
The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. These can be used for detection as well as prevention (sinkholing DNS requests).
MetaDefender Cloud: new malicious hashes spotted by MetaDefender Cloud within the last 24 hours. The feeds are updated daily with newly detected and reported malware to provide actionable and timely threat intelligence.

Netlab OpenData Project.
NormShield Services: provide information on thousands of domains, including whois information, from which potential phishing attacks may come. Breach and blacklist services are also available.
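Most of the feeds above are plain text in a handful of shapes: one IP or CIDR per line with comments (CI Army style), IP plus blacklist-occurrence count (the list Miroslav Stampar maintains), one domain per line (Malc0de, DNS-BH), and a ranked CSV of popular domains (Majestic Million). The following added example, not code from any of those projects, parses constructed snippets in those shapes, matches them against constructed proxy log lines, and keeps a hit on a domain that also appears on a top-sites list rather than suppressing it, which is the point of the "never use this as a whitelist" warning. The CSV column names, the log line format, and all addresses and domains are assumptions.

```python
"""Added example: normalise a few feed formats and run them over log lines.
All feed snippets, log lines, addresses and domains are constructed."""
import csv
import io
import ipaddress
import re
from dataclasses import dataclass

# --- constructed feed snippets --------------------------------------------
IPSUM_FEED = """# ip<TAB>number of blacklists listing it (IPsum-style)
198.51.100.7\t6
203.0.113.9\t1
"""
PLAIN_IP_FEED = """# one IP or CIDR per line, '#' or ';' comments
203.0.113.0/24
192.0.2.44 ; seen in a constructed incident
"""
DOMAIN_FEED = """# one domain per line (Malc0de / DNS-BH style)
bad.cdn.example
dropper.example
"""
TOP_SITES_CSV = """GlobalRank,TldRank,Domain,TLD
1,1,cdn.example,example
"""  # Majestic-Million-style CSV; column names are an assumption

SAMPLE_LOG = [  # constructed proxy/firewall lines
    "2024-05-01T10:00:00Z src=10.0.0.5 dst=203.0.113.9 host=-",
    "2024-05-01T10:00:01Z src=10.0.0.5 dst=198.51.100.7 host=-",
    "2024-05-01T10:00:02Z src=10.0.0.6 dst=192.0.2.44 host=bad.cdn.example",
    "2024-05-01T10:00:03Z src=10.0.0.6 dst=198.51.100.200 host=www.cdn.example",
    "2024-05-01T10:00:04Z src=10.0.0.7 dst=10.0.0.9 host=dropper.example",
]


@dataclass(frozen=True)
class Hit:
    line_no: int
    indicator: str
    source: str        # which feed matched
    allowlisted: bool  # host also under a "probable whitelist" domain; annotate, never drop


def _strip_comment(line):
    return re.split(r"[#;]", line, maxsplit=1)[0].strip()


def parse_ipsum(text, min_hits=3):
    """Keep only IPs listed by at least min_hits blacklists (cuts one-off noise)."""
    out = {}
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if line:
            ip, count = line.split()
            if int(count) >= min_hits:
                out[ipaddress.ip_address(ip)] = int(count)
    return out


def parse_ip_networks(text):
    """Plain lists mix single IPs and CIDRs; treat both as networks."""
    return [ipaddress.ip_network(l, strict=False)
            for l in map(_strip_comment, text.splitlines()) if l]


def parse_domains(text):
    return {l.lower() for l in map(_strip_comment, text.splitlines()) if l}


def parse_top_sites(text):
    return {row["Domain"].lower() for row in csv.DictReader(io.StringIO(text))}


def parents(host):
    """'a.b.example' -> ['a.b.example', 'b.example', 'example']"""
    labels = host.lower().strip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


LOG_RE = re.compile(r"dst=(?P<dst>\S+) host=(?P<host>\S+)")


def match_log(lines, ipsum, nets, domains, allow):
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        dst, host = ipaddress.ip_address(m["dst"]), m["host"]
        allowed = host != "-" and any(p in allow for p in parents(host))
        if dst in ipsum:
            hits.append(Hit(n, str(dst), "ipsum", allowed))
        elif any(dst in net for net in nets):
            hits.append(Hit(n, str(dst), "blocklist", allowed))
        if host != "-":
            bad = [p for p in parents(host) if p in domains]
            if bad:
                hits.append(Hit(n, bad[0], "domains", allowed))
    return hits


def demo():
    return match_log(SAMPLE_LOG, parse_ipsum(IPSUM_FEED),
                     parse_ip_networks(PLAIN_IP_FEED),
                     parse_domains(DOMAIN_FEED), parse_top_sites(TOP_SITES_CSV))


if __name__ == "__main__":
    for h in demo():
        print(h)
```

Two details matter in practice: 203.0.113.9 is dropped from the count-based list by the `min_hits` threshold but still matches through the CIDR entry of the plain list, and `bad.cdn.example` is reported with `allowlisted=True` instead of being silenced because its parent is a top-ranked site.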


After a Baltimore man was found to have been arrested with Hailstorm assistance, a judge ruled that the lack of a warrant in this case meant his Fourth Amendment rights had been violated, a ruling that privacy advocates say is precedent setting.
