Checklists

Complete list of free Web Application Security Scanners

Complete list of Free Download Open Source Web Application Security Scanner Tools

1. Grabber by Romain Gaucher
http://rgaucher.info/beta/grabber/

Grabber is a web application scanner. Basically, it detects some kinds of vulnerabilities in your website. Grabber is simple, not fast, but portable and really adaptable. This software is designed to scan small websites such as personal sites, forums, etc., and absolutely not big applications: it would take too long and flood your network. Grabber is a very small application (currently 2.5kLOC in Python), and the first reason for this scanner is to have a "minimum bar" scanner for the SAMATE Tool Evaluation Program at NIST. Grabber is also for me a nice way to do some automatic verification on websites/scripts I do. Users should know some things about web vulnerabilities before using this software because it only tells you what the vulnerability is... not how to solve it.

2. Grendel-Scan by David Byrne and Eric Duprey
http://grendel-scan.com/

Grendel-Scan is an open-source web application security testing tool. It has an automated testing module for detecting common web application vulnerabilities, as well as features geared at aiding manual penetration tests. The only system requirement is Java 5; Windows, Linux and Macintosh builds are available.

3. Paros by Chinotec
http://parosproxy.org/

Paros is for people who need to evaluate the security of their web applications. It is free of charge and completely written in Java. Through Paros's proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.

ITIL management checklist for the optimising phase

ITIL Management Checklist

Configuration Management

As the application is reviewed within the optimise phase, is the CMDB used to assist with the review?

Are Configuration Management personnel involved in the optimisation process, including providing advice in the use of and updating the inventory?

Change Management

As modifications are identified within this phase, does the team use the Change Management system to coordinate the changes?

Download Backup Question Checklist Template


Below are some audit checklist questions for the backup process:

What SLAs are required for this server?
What is the role of this server? The role will have a direct impact on the backup options and requirements for it, and will directly feed into the remaining questions to be considered for servers. Sample server roles might include production, development, test, and quality assurance (QA).
Are there any special backup handling requirements for applications on the server?
Are there any special backup handling requirements for data on the server?
What times can the server be backed up?
What times are backups not allowed to occur?
What types of backups should this server receive? At minimum, most organizations will need to evaluate the necessity of the following:
Daily: What rotation between fulls, differentials, and incrementals is required?

Download Simple Network Vulnerability Assessment Checklist

The Network Vulnerability Assessment Checklist is a simple checklist for your vulnerability assessment. It contains 100 controls that every security professional or auditor could use during the walkthrough process on the network infrastructure.

The strength of this checklist is that it gives a big picture of the current network security status. However, some of the controls lack focus. At the least, you can use this simple checklist as a reference for your assessment. It will be more useful if it is combined with other controls that are unique to your environment.

Any opinions on this? Hope it is useful for you. Enjoy, and don't forget to give us some comments.

Download Free E-mail virus attack checklist

The next time your organization gets hit with an e-mail virus, don't panic. Stay calm and use this six-part checklist to follow the steps needed to identify the virus, remove it, and make notes that will help you avoid future infections.

Download Free Network documentation checklist

Creating documentation is time-consuming and boring. It's also essential to maintaining the health and continuity of your Windows network. If your network documentation is weak (or nonexistent), recording the key details will be well worth your time. This checklist will help guide you through the process of documenting your physical network, servers and server apps, and Active Directory configuration. This popular checklist has been reformatted for ease of use, and it also includes a collection of links to a variety of TechRepublic's other network documentation resources.

Download Free IT and Office relocation checklist

Whether you're helping a client tackle a move or relocating to a new building, you'll need to implement a system to help you get organized and avoid potential disasters. This checklist, based on suggestions submitted by TechRepublic members, covers questions, issues, and advice relating to office relocations.

Download free Firewall failure plan checklist

Whether your firewall is hardware- or software-based, it's a terrific target for experienced hackers, and at some point it will fail. How you prepare for that failure and the actions you take following the failure are critical. This comprehensive Firewall failure plan checklist contains two sections: a checklist of critical information to have on hand and a list of techniques for troubleshooting both operational and non-operational firewall failures.

100 Network Assessment Checklist

  1. Unique user ID and confidential password required    
  2. Additional identification required for remote access
  3. "Help" screen access available to logged-on users only
  4. Last session date and time message back to user at sign-on time
  5. Exception reports for disruptions in either input or output
  6. Session numbers for users/processors that are not constantly logged in
  7. Notification to users of possible duplicate messages
  8. Threshold of errors and consequential retransmission on the network related to management via automatic alarms
  9. Encryption requirements    
  10. Encryption key management controls
  11. Message Authentication Code requirements for nonencrypted sensitive data transmission
  12. System authentication at session start-up (wiretap controls)
  13. Confirmation of host log-off to prevent line grabbing
  14. Downloading controls for connected intelligent workstations
  15. User priority designation process
  16. Transaction handling for classified communications
  17. Trace and snapshot facilities requirements
  18. Log requirements for sensitive messages
  19. Alternate path requirements between nodes
  20. Contingency plans for hardware as well as all usual system requirements
  21. Storage of critical messages in redundant locations
  22. Packet recovery requirements
  23. Physical access for workstations when units are not in use

Audit Committees: A Self-Assessment Checklist

What is an Audit Committee?
The Audit Committee is regarded as the cornerstone of the Board’s oversight process and has critical governance responsibilities related not only to public financial reporting, internal controls, and management of financial risks, but also to the oversight of an organization’s values and ethics.

Audit Committees need to ensure that all those involved in the financial reporting and internal controls process understand their roles and carry out their responsibilities in an efficient and effective manner. Hence, Audit Committees operate at the junction between the Board of Directors and its external auditors, its internal auditors, and its executive management.

Audit Committees form many of their judgments of management’s performance based largely on the information and feedback obtained from internal and external auditors. Hence, developing an effective working relationship with both external and internal auditors is essential for an Audit Committee to effectively fulfill its oversight responsibilities.
