2006 Security Tools Survey Out!
I just received an annoucement from Fydor of NMAP fame in the Philippine Honeynet Project mailing list annoucing the release of his 2006 Security Tool Survey. Here is the annoucement:
After the tremendously successful 2000 and 2003 security tools surveys, Insecure.Org is delighted to release this 2006 survey. I (Fyodor) asked users from the nmap-hackers mailing list to share their favorite tools, and 3,243 people responded. This allowed me to expand the list to 100 tools, and even subdivide them into categories. Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with. I discovered several powerful new tools this way. I also will be pointing newbies to this site whenever they write me saying “I don’t know where to start”.
There is quite a long gap between 2003 and 2006. So there have been a lot of changes in the survey results. Of course, nessus is still on top despite its latest 3.0 being closed source. However, it is industry consensus that either a fork or some other solution will climb up to take its place. Wireshark still came at number 2 despite the name change from Ethereal. This swiss army knife of network sniffers is still king of network sniffers. What makes this product ultimately cool is the number of dissectors that are available. In general, most of the top tools now come with Unix, Linux and MS Windows versions. Unlike their previous counterparts that only provided Linux or Unix tools. This just means that as tools become more popular there is a greater drive to create MS Windows ports. Wireless buddies Airscan, Netstumbler and Kismet are now part of the list showing the growing popularity of WiFi networks. Thus, the growing popularity of Wifi-related security tools. Web application scanners such as Paros proxy and Nikto are now moving to the top. This shows that growing importance of web application security. This highest flying new comer is the Metasploit Framework. From nowhere in 2003, it is now number 5 on the list. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research.
Looks like a lot of new an interesting information security tools are in the market today. Also exciting is that older tools are now becoming more mature. However, the greatest change is this list is the growing number of Wifi and Web-related infomation security tools. This indicates that information security professionals are now putting the greater importance to Web and Wifi security.
