Mobile Security

Complete list of Free Download Open Source Web Application Security Scanner Tools

1. Grabber by Romain Gaucher
http://rgaucher.info/beta/grabber/

Grabber is a web application scanner. Basically it detects some kind of vulnerabilities in your website. Grabber is simple, not fast but portable and really adaptable. This software is designed to scan small websites such as personals, forums etc. absolutely not big application: it would take too long time and flood your network. Grabber is a very small application (currently 2.5kLOC in Python) and the first reason of this scanner is to have a "minimum bar" scanner for the Samate Tool Evaluation Program at NIST. Grabber is also for me a nice way to do some automatics verification on websites/scripts I do. Users should know some things about web vulnerabilities before using this soft because it only tell you what vulnerability it is... not how to solve it.

2. Grendel-Scan by David Byrne and Eric Duprey
http://grendel-scan.com/

Grendel-Scan is an open-source web application security testing tool. It has automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. The only system requirement is Java 5; Windows, Linux and Macintosh builds are available.

3. Paros by Chinotec
http://parosproxy.org/

Paros is for people who need to evaluate the security of their web applications. It is free of charge and completely written in Java. Through Paros's proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.

Adeona is the first Open Source system for tracking the location of your lost or stolen laptop that does not rely on a proprietary, central service. This means that you can install Adeona on your laptop and go — there's no need to rely on a single third party. What's more, Adeona addresses a critical privacy goal different from existing commercial offerings. It is privacy-preserving. This means that no one besides the owner (or an agent of the owner's choosing) can use Adeona to track a laptop. Unlike other systems, users of Adeona can rest assured that no one can abuse the system in order to track where they use their laptop.

Do you know that recently it was reported by some research that claims over 10,000 laptops are lost or stolen every WEEK at US airports. So here are simple six loss prevention tips for laptop during travelling.

Preventive Control Method
1. Place your laptop in the first bin you put on the belt of the X-ray machine. You should put your laptop bag in front of it./
Put the bin with your shoes, belt, purse, wallet, etc. right behind your laptop. And your carry-on bag last. The first thing you should do on the other side is put your laptop in its bag before the other luggage crashes into it and dumps it on the floor. Your other stuff separates it from the person behind you and in front of you.

2. Mark your laptop! Put a sticker on it. I know people hate to do this. But you should identify your laptop in such a way that you can quickly identify it.
There are lots of Dell computers our there. I have almost picked up the wrong laptop on many occasions. DO NOT TAPE YOUR BUSINESS CARD TO YOUR LAPTOP. Do not become a target by letting potential laptop thieves know just how valuable your laptop may be. My favorite marker for my Dell Latitude is the white Apple sticker I got with my iPod.

3. If you lose your laptop contact the TSA immediately.
Call the airport. Take action. I bet in 99% of the cases you can get it back.

Protective Control Method:
4. Protect your information If you keep a lot of personal or financial information on your computer
Also have the tools to protect your information through

Maintaining security while providing mobile workers with access to the information they need when and where they need it is complex. Protecting enterprise IT infrastructure requires a deep understanding of the risks associated with mobile applications, handhelds and wireless networks. The move toward wireless data access extends the perimeter of the corporate network and, like earlier innovations, raises many security issues. Compared with behind-the-firewall enterprise systems, wireless handheld computing systems are fundamentally different and involve incremental security risks. To ensure security across the entire system, enterprises must recognize and address risks across the three different links in a wireless handheld computing system:

1. Perimeter or firewall security — When a corporation wishes to make enterprise systems like enterprise messaging servers, CRM, ERP or intranet Web pages accessible wirelessly, the first priority is to maintain the security of the internal network. Any programs running inside the firewall must not open avenues of attack from programs running outside. Additional perimeter security considerations include:

o Authentication — Each component of a wireless system must be able to prove that it is authorized to communicate on the network. It must not be possible for an attacker to impersonate a handheld or server, thereby misleading authentic services into communicating with it.

Basically there are five key requirements for choosing the right mobile solution provider consist of:
- Enterprise-class security
- Application optimization with real-time push synchronization
- Broad handheld support and device-level integration
- Robust fleet management tools
- Flexible service and support

Based on research by Motorola group, Wireless access to enterprise information is going mainstream-driven largely by the needs and requests of individual employees within the enterprise. But while the need for wireless access is coming from the bottom up, the management of wireless access needs to be driven from the top down. Otherwise enterprises may find that wireless information access is a complex, chaotic and expensive endeavor with only ambiguous benefits. The key to turning wireless information access into a strategic IT initiative that delivers tangible ROI is developing an enterprise wireless information access strategy.