Security Tools

In-House, Open-Source and Commercial

At Security Brigade, we leverage a combination of in-house developed, commercial and open source tools as part of our process. Each tool is carefully selected, tested and documented by Security Brigade's R&D team based on requirements from the audit teams.

Not all applications and networks are alike and as such there is never one tool that will do a great job across all of them. To address this limitation, the set of tools to be used for any audit are intelligently selected by E.D.I.T.E (Our intelligent workflow-driven audit management platform).

The following is an overview of the process:

  • E.D.I.T.E profiles the application or network and maps out various criteria (Platforms, Vendor, Legacy, Known Softwares, etc)
  • Based on internal benchmarks, E.D.I.T.E identifies the best set of tools to be run for this specific audit profile
  • The list of selected tools along with reasoning and runtime details are displayed to the auditor for approval.
  • Once an approval is received, E.D.I.T.E executes the selected tools and parses the output into a central database
  • Data from all the tools is correlated, cross-referenced and presented to the auditor for further analysis
  • Each time E.D.I.T.E is run, it uses the data collected to improve its internal benchmarks and therefore constantly learns and optimizes itself

In-House Developed Tools by our R&D Team

sdFinder Identifies internal hosts on non-contiguous IP ranges. It allows us to detect sensitive information about our clients commercial, intranet and extranet networks.
webDiscovery Identifies as many applications as possible on Client web-servers. The applications discovered through webDiscovery allow us to provide a superior web-application security testing service than competitive services and products. It allows us to increase the scope of the audit and cover more areas that could be attacked by malicious users; that would not be covered by a traditional audit.
networkMapper Network Mapper uses proprietary technology to be able to identify alternative network routes to bypass security mechanisms such as IDS/IPS/Firewall etc. It allows our experts to bypass existing security implementations and gain direct access to the systems behind them.
webTester Utilizes our Benchmark Development System to ensure that we can identify maximum vulnerabilities in applications through automated mechanisms. Along with flaws that are known, it uses in-house research to test for vulnerabilities that are not in the public domain. It allows us to automate the process of identifying and testing known and unknown vulnerabilities in Web-applications and strike a cost-effective time to effort ratio.
VA Framework Integrated solution developed by our security experts that have an expertise in the vulnerability assessment domain. It allows us to integrate the manual and automated testing processes with commercial and open-source software. Our Integrated Reporting Engine allows us to cross-reference information from all the different components and generate a report based on our Client's requirements.
PT Framework Integrated solution developed by our security experts that have an expertise in the penetration testing domain. It allows us to integrate the manual and automated testing processes with commercial and open-source software. Our Integrated Reporting Engine allows us to cross-reference information from all the different components and generate a report based on our Client's requirements.
webSpider Uses advanced HTML, Java Script, Ajax, Flash and XML parsing engines to identify and map as much of the client applications as possible. This not only assists our automated webTester engine, but also assists in carrying out the manual testing process in an efficient manner. It allows us to attain a cost-effective balance between thorough testing and time required.
sapScan Security and Configuration Assistant for SAP Security Audits.
riskReview General Risk Assessment Tool.
erpInterrogate ERP Security and Configuration Assessment and Control Tool.
Windows Batch Scripts Windows batch scripts to automated routine server hardening functions and processes.
Linux Bash Scripts Linux Bash scripts to automate routine server hardening functions and processes.
Oracle Security Assessment Scripts Oracle Security Assessment Scripts to automate routine hardening functions and processes.
MSSQL Security Assessment Scripts MSSQL Security Assessment Scripts to automate routine hardening functions and processes.
Internal Vulnerability Database Automated vulnerability database that is updated every 15 minutes from over 100 public and 20 private feeds.
SQL Explorer Identifies vulnerabilities in and retrieves data from MSSQL, MySQL, Oracle, PostgreSQL, MS Access etc database servers.