|
|
Tools
|
WebApp Threat Matrix
|
|
V 2.1 |
| Compass Security, in cooperation with AXA Tech, has developed a threats and measures matrix for Web applications. The threats of Web applications are listed in an Excel sheet and it is visible for every threat which measure the respective risk addresses. The matrix can be used as a tool for project managers, security executives or software developers in the field of Web applications. A project manager or security executive can see at once which threats have to be addressed by what infrastructure or software components. A software developer receives hints how to encounter the threats while developing Web applications. The download consists of a matrix in the form of an Excel file and a PDF which explains the matrix in detail. |
| |
|
KeysGenerator
|
|
V 1.0 |
KeysGenerator
KEYS GENERATOR COPYRIGHT NOTICE, LICENSE AND DISCLAIMER.
Copyright (c) 2003 by Compass Security Network Computing AG
http://www.csnc.ch
Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appears in all copies and that both, the copyright notice and this permission notice and warranty disclaimer, appear in any supporting documentation, and that the name of Compass Security Network Computing AG will not be used in advertising or publicity pertaining to the distribution of the software without specific, prior permission in writing.
Compass Security Network Computing AG disclaims all warranties with regard to this software, including all implied warranties of merchantability and fitness. In no event shall Compass Security Network Computing AG be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of this software.
THE CRYPTOGRAPHY CODE IN THIS SOFTWARE HAS NOT BEEN REVIEWED BY A CRYPTOGRAPHER!
WEP Key 1: e21e3861cb07e625e2a9d773b6
WEP Key 2: b7ab18bb7451bb471efeb717ea
WEP Key 3: 616a7b47810c3866f4ede95317
WEP Key 4: 62a4b7fc459dd2e1c8a98c7b5f
ESSID : +{kT9NCK4]6$%%Ku#)R?d_oLg;|W2#
IPSEC : wi_e+<"4EM'UfE%QQ8}:CXMD$&^aeir
|
|
|
| |
|
|
Process Monitor (Windows 2000 Kernel Hook)
|
The Process Monitor supports the user to gain full control over running processes on its host. Each time the OS tries to start a new application, the Process Monitor's driver intercepts the Windows 2000 CreateProcess function and asks the user if the process should start or not. The rules defining which process shall start or not can be pre-set by the user.
For install and remove instructions see the README.txt in the zip archive. |
 |
V1.2 |
| |
|
|
Java Object Inspector (Java Application)
|
| Inspection Tool for Java serialized data streams. It becomes possible to view and alter java objects before sending requests to the server. This tool is useful while security assessing a java application, i.e. an online banking application using a java client (as an alternative to the browser). The Java Object Inspector needs to be "injected" into the assessing application (hook injection). |
|
V1.0 |
| |
|
|
|
|
News
Fake job advertisement "Software Tester"
8/24/10 - Using various German Internet portals, a Mr Jackob Jochanson of itanalyticer is searching Software Testers in our name.
Practical workshops on the topic of Web Application Security facilitate proactive hacking defence
8/19/10 - On the occasion of the it-sa 2010 Compass Security AG conducts two workshops on „Web Application Security“. From 19 to 20 October, respectively from 21 to 22 October, the participants take on the role of the hacker and thus get to know the weapons of their opponents so far unknown to them. These especially designed events include a visit of the meeting point of the trade at the Congress Centre in Nuremberg (19 to 21 October 2010). Thus, workshop attendants gain an extra bonus: They benefit from short travelling distances, opportunities for networking, utilizing the infrastructure of the trade fair as well as being able to take part in the evening events.
August 23 - 27, 2010 - IT Security Week, Copenhagen (DK)
8/18/10 - Liga Distributions ApS will organize from August 23 to August 27 the IT Security Week in Copenhagen.
Compass invites to the Security Event 2010
6/7/10 - On Thursday, September 09, 2010 Compass Security AG organise their annual "Compass Event". For this seminar the ICT security service provider invites customers and other interested persons to the auditorium of the HSR University of Applied Sciences in Rapperswil / Switzerland. From 08:30 to 17:00 the participants benefit from the latest findings and experiences about ITC security in the frame of presentations, Live-Hacking demonstrations and speeches. A red-hot topic is brought up by Nicolas Seriot in his guest speech "iPhone-Hacking".
New at Compass: "FileBox" as an Appliance
5/25/10 - Compass Security AG have further developed their Web based transfer solution "File Box" and launched an appliance. Companies keep thus complete control of their data as the appliance is located on their own premises. The multitenant solution addresses mainly target groups who are dependent on a safe data transfer with customers or business partners, such as banks, insurance companies, chartered accountants, trustees, lawyers or medical doctors.
|
