Audit Tools

Download WinPatrol 15.5.2008, 710KB, System Optimization tools (Free to try )

Clean up your Taskbar, ActiveX and Startup programs. WinPatrol monitors and exposes adware, keyloggers, spyware, worms, cookies, and other malicious software. This program puts you back in control of your computer with no need for constant updates. WinPatrol's goal is to help you better understand what programs are running on your computer and to alert you to any new programs added without your permission. Unlike traditional security programs, WinPatrol doesn't scan your hard drive searching for

Security Task Manager displays detailed information about all running processes (applications, DLLs, BHOs, and services). For each process, it improves on Windows Task Manager, providing a security risk rating, a process description, file path, CPU usage graph, start time, embedded hidden functions (for example keyboard monitoring, autostart entry, and browser supervision or manipulation), and process type, such as visible window, systray program, DLL, and IE plug-in. The security risk rating indicates the likelihood of the process being potential spyware, malware, a Trojan, or keylogger. It also deletes traces of your Internet and computer activity, prevents keyboard input monitoring, and warns you when the registry is changed. This process viewer also recognizes stealth processes and virtual driver software hidden from the Windows Task Manager.

Everyone who has been working in audit firm or especially those working for data analytical stuff must be familiar with ACL (Audit Command Language) Audit Software. This software according to the Internal Auditor magazine is "the most widely used data extraction and analysis product" and "the most widely used product for fraud detection and prevention" used in audit profession. Of course, just ask your friend in Big 4 audit firm such PwC, EY, KPMG, Deloitte, they must have ACL installed in their laptop.

However, the price of ACL is quite expensive to be used for educational purpose or for government usage. Then the perfect alternative for this situation is Picalo. Why I said Picalo is perfect, it’s free, at no cost.

“…Picalo is currently being used by organizations like the World Bank to stop corruption in developing countries…”
http://www.picalo.org/

Free download Google open-source Web app security assessment tool from Google security team
quick download (tar.gz)
download page

A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.

Detects and prioritizes broad classes of security problems, such as dynamic cross-site trust model considerations, script inclusion issues, content serving problems, insufficient XSRF and XSS defenses, and much more.

Ratproxy is currently believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.