Ernst & Young Pvt Ltd

Details of the IT Security Audit Tools

Freeware

  1. Nmap - Port scanner
  2. Nessus - Vulnerability scanner
  3. Nikto - Web server/application vulnerability scanner
  4. Ethereal - Protocol analyzer
  5. Somersoft - Security configuration, registry entries and access control lists on systems running the Windows operating system.

Commercial

  1. App Detective - Vulnerability assessment and review of security configuration of MySQL, Oracle, Sybase, IBM DB2, MS SQL Server, Lotus Notes/Domino, Oracle Application Server, Web Applications.
  2. Bv-Control Suite - Security assessment of Microsoft Windows, Active Directory, Microsoft Exchange, Microsoft SQL Server, UNIX (Sun Solaris, HP-UX, AIX, Red Hat and SUSE Linux), Internet Security, Check Point Firewall I
  3. HP WebInspect - Web Application Security assessment
  4. IPLocks VA - Database configuration and vulnerability assessment
  5. eEye Retina - Network Security scans and IT infrastructure vulnerability assessment
  6. Immunity Canvas - Vulnerability exploitation framework for penetration tests
  7. eTrust - Online vulnerability management framework.
  8. Bv-Control - Security and segregation of duty review for SAP

Proprietary

  1. iNTerrogator - Review of security configuration of systems running the Windows operating system.
  2. *nix scripts - A collection of scripts to assess the security configuration, including file-level ACLs, on *nix systems (SCO OpenServer, Linux, HP-UX, AIX, Solaris, *BSD).
  3. Spider - Web application security assessment
  4. FakeOra - Security assessment of 2-tier applications that use Oracle 8i (and above) as RDBMS.
  5. S-SAT - A travelling SAP Security tool.
  6. Permit - ERP risk assessment and control solution tool.
  7. Assessor - Configuration review of Oracle Financials system.
  8. WebSmack - Web Application inventory and vulnerability assessment.
  9. EY/Mercury - Web-based technical work plan generator to perform security configuration review of IT infrastructure.