Security News

News: Change in Focus

News: Twitter attacker had proper credentials

News: PhotoDNA scans images for child abuse

News: Conficker data highlights infected networks

News: Monster botnet held 800,000 peoples details

News: Google: no timetable on China talks

News: Latvian hacker tweets hard on banking whistle

News: MS uses court order to take out Waledac botnet

External Links

Free Tools

Security Technology Science is a supporter of Open Source and the free software community. We will try to license all libraries and/or simple tools created by us under the GNU General Public License, therefore not permitting you to incorporate our programs into proprietary programs without our expressed permission. We see this as a way of allowing the free dissemination of this knowledge for further exploration, research, development and innovation. If you wish to embed our technology into proprietary or commercial software, you must use a commercial version of our software. We sell alternative licenses, so if you wish to evaluate any of our software for commercial use, please (contact sales [at] securitytechscience [dot] com).

The Open Source tools listed below are free* and do not come with any implied or expressed warranty or support:

Proprietary Scanners

Educational Web Scanners

Ruby Libraries

Python Libraries - Deprecated

*available free only for personal, educational and non-commercial use.

 

White Papers

Research & Development is a key focal point to the growth and strength of Security Technology Science. So where possible we endeavor to provide knowledge back to the information security community in as open, honest and factual a way as possible. To achieve this we have provided an online knowledge base for guidance to enterprises seeking answers to a wide range of vital security issues and trends.

STS Scanner Tutorial

Download - Release Date: 20/01/2008

This paper is an howto on the correct usage of the STS Scanner. The information is made available to educate testers on how to discover these vulnerabilities and developers on how to prevent writing applications that contain these types of vulnerabilities.

Application Username Enumeration

Download - Release Date: 28/01/2007

Application username enumeration may not be so apparent once the application is developed. After all, you met all deadlines, budget limitations and all functional requirements. You even managed to provide extra error messages to help the end user when accessing your application. But this extra help has opened your application up to a serious security hole. To find out more about this vulnerability and how you can use our free* (see above) automated tools to discover this vulnerability in your applications and also how to remediate this vulnerability then click download above to get the whitepaper.