Security Objectives is an elite software security development company focused on application security flaws and fixes.
Security is often neglected until the last minute, when the problem has become intractable, and the decision on a realistic model for success, made with business context in mind, rarely takes the hard road.
April 3, 2008 at 3:50 pm
Shane,
I was wondering if there was a good starting point, suite, or methodology to circumventing vulnerabilities (0day) found in IPv6. Many of the testing suites such as Metasploit, Backtrack, etc. don’t have an extensive library of tools. I’ve been using one IPv6 fuzzer but it’s very limited.
Help will be appreciated.
rp
August 29, 2008 at 4:42 am
Well, our product will beta soon, Q4 this year; if you’re interested, please email me directly. Our application will conduct comprehensive security assessments on targeted binaries using an intelligent process to connect code and data patterns to understand application behavior automatically. It then conducts pathological input generation based on code execution towards completion. Being a dynamic tool, we do not suffer the fate of static analyzers; essentially there is no halting problem.
I guess until we release, I know you said you checked for, but here’s a list of resources I pulled from our internal wiki.
http://www.owasp.org/index.php/Category:Vulnerability Common types of software vulnerabilities from OWASP (Open Web Application Security Project)
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html Penetration Testing Framework
http://penetrationtests.com Penetration Testing Directory Project
http://www.oissg.org/issaf/index.php Information Systems Security Assessment Framework
http://www.isecom.org/osstmm/ Open Source Security Testing Methodology Manual
http://webappsec.org/projects/threat/ Web Security Threat Classification from the WASC (Web Application Security Consortium)
http://www.security-database.com/toolswatch/ Security Database Tools Watch
http://remote-exploit.org/backtrack.html BackTrack Linux LiveCD Focused on Penetration Testing
http://samurai.intelguardians.com Samurai Web Testing Framework Linux LiveCD Focused on Web App Pen-Testing
http://fuzzing.org/fuzzing-software List of fuzzers from Michael Sutton’s Fuzzing Book Site
http://www.packetstormsecurity.org List of fuzzers from PacketStorm
http://pycheesecake.org/wiki/PythonTestingToolsTaxonomy#FuzzTestingTools PythonTestingToolsTaxonomy – Cheesecake – Trac