OWASP ZAP: a powerful tool to discover website vulnerabilities

OWASP Zed Attack Proxy (ZAP) is an integrated penetration testing tool for identifying vulnerabilities in web apps and websites. It’s an easy and flexible solution that can be used regardless of proficiency level: it’s suitable for anyone, from a developer just starting out with pentesting to professionals in the field.


ZAP is composed of two macro-sections. The first is an automated vulnerability scanner that identifies problems and provides developers, sysadmins and security pros with a report containing all the details of the discovered vulnerabilities, so that they can be fixed.
The second lets ZAP work as a proxy to inspect traffic and all HTTP/S requests and events. It can also modify them, to analyze behaviour that deviates from the norm or to analyze triggers that can be harmful to the system.


GFI LanGuard: network security scanner and patch management

Keeping an IT infrastructure properly updated is a costly and wearying activity: GFI’s LanGuard is a product designed to structure and automate the management process in complete safety.

An example of how dangerous it is to have non-updated systems is clearly shown by the very recent wave of infections by WannaCry, the ransomware that, albeit being targeted at a restricted number of users (there could have been many more had some remedies not been found promptly), attacked Microsoft-based infrastructures in more than 150 countries. The ransomware exploited the EternalBlue vulnerability, which is present only in non-patched versions of the operating system. Yet imagine what the outcome would have been if it had targeted all Windows systems.


Pritunl: an enterprise and on-premises SDN based on OpenVPN

Pritunl is an open source platform for building distributed VPN networks. By leveraging the OpenVPN protocol it makes it possible, depending on the chosen licensing model, to set up virtual network architectures. In practice, it makes it easy to connect devices inside or outside the company walls, including in companies with two or more branches, creating a VPN managed with advanced rules and a centralized authentication system.

Pritunl integrates several third-party services, like Amazon AWS VPC (Virtual Private Cloud, a virtual network space in the cloud available to users within the AWS suite) with automated failover and Single Sign On (SSO) authentication. SSO integrations include services like Google Apps, Slack, OneLogin, Okta, DUO and Radius: each of these services can be used to give users access to the Pritunl infrastructure with their own accounts, without having to use dedicated credentials.

If the Enterprise license is chosen, which allows installation on an unlimited number of Pritunl servers, the high availability feature with automated failover can be leveraged, helped by the fact that there are no master nodes: each node operates at the same functional level as the others. Pritunl also integrates a server replication feature, offering a high level of scalability for clusters. With geographically distributed installations in mind, the platform is based on the renowned MongoDB, which offers a high level of reliability (in particular as the number of nodes and users grows) together with the option of replication.


A modular switch with 10GbE support by HP Enterprise: 5406R zl2

HPE (Hewlett Packard Enterprise) is a brand that needs no introduction in the networking world. Its high-end switch line features the Aruba 5406 zl2 switch, which is part of the Aruba 5400R family of modular switches.

In May of last year, HP completed the acquisition of Aruba Networks, a leading provider of network solutions and services, and it is that well-known company’s name that appears both in the name of the switch and on the Web management interface. The 5400R zl2 series targets contexts where a high level of reliability is required together with a good degree of scalability. We tried the model J9821A PoE+. Note that, since these are modular solutions, the reference code of the chassis is J9850A, on top of which one or two management modules (J9827A, the controller) and up to 6 additional switch modules (32 Gigabit ports, SFP+ or 10GbE) can be installed. The removable tray for the cooling fans, identified as J9831A, is considered a separate module as well.

Naturally it’s a device designed to be rack-mounted, with an overall size of 4U, which makes it quite bulky and difficult to move. The unit we tried had three 32-port switching modules (J9550A) and a controller module.


ClearOS: Linux gets easy

What are the IT needs of most small Italian businesses? A reliable email server offering functional and ample mailboxes, one or more on-premises shares to share files and backups, a firewall/gateway for external connections with VPNs, a good level of protection against viruses, a backup system (online too) and basic collaboration tools for the employees.

This brief introduction has surely brought to mind many software products and appliances capable of satisfying one or more of these needs, but you’ll probably have some difficulty finding a single product that does all of that. ClearOS is an Open Source project based on Linux that offers almost all of these features and can be managed through a well-organized, functional and handy Web interface without using a command line. Even though it’s an Open Source project, ClearOS fortunately has a company behind it (ClearCenter) that does not limit itself to development and updates, but also offers a wide marketplace with maintenance services, antivirus updates and additional features available exclusively through commercial packages.


Word of the Day

In the field of Information Technology, the term piggybacking refers to situations where an unauthorized third party gains access to...

The acronym GDPR indicates the new General Data Protection Regulation, which will come into force on 25 May 2018. This...

The acronym DPO (Data Protection Officer) indicates the person or persons who, within the company context, are responsible for the...

InfiniBand is an input / output architecture for the transmission of data between high performance systems composed of CPUs, processors...

A Zero Day Exploit describes a situation in which specific and unknown vulnerabilities are disclosed to the public simultaneously with...

Download of the Day

Netcat

Netcat is a command line tool that can be used in both Linux and Windows environments, capable of...

Fiddler

Fiddler is a proxy server that can run locally to allow application debugging and control of data in...

Adapter Watch

Adapter Watch is a tool that shows a complete and detailed report about network cards. Download it here.

DNS DataView

DNS DataView is a graphical-interface software to perform DNS lookup queries from your PC using system-defined DNS, or...

SolarWinds Traceroute NG

SolarWinds Traceroute NG is a command line tool to perform advanced traceroute in Windows environment, compared to the...

Issues Archive

  • GURU advisor: issue 18 - April 2018
  • GURU advisor: issue 17 - January 2018
  • GURU advisor: issue 16 - October 2017
  • GURU advisor: issue 15 - July 2017
  • GURU advisor: issue 14 - May 2017
  • GURU advisor: issue 13 - March 2017
  • GURU advisor: issue 12 - January 2017
  • GURU advisor: issue 11 - October 2016

  • BYOD: your devices for your firm

    The rapid evolution of IT and technology, together with the crisis that undermined finances, has led to a trend reversal: users now prefer to work with their own devices, as these are often more advanced and modern than those their companies would provide.
  • A switch for datacenters: Quanta LB4M

    You don’t always have to invest thousands of euros to build an enterprise-level network: here’s our test of the Quanta LB4M switch.
  • Mobile World Congress in Barcelona

    GURU advisor will be at the Mobile World Congress in Barcelona from February 22nd to 25th 2016!

    MWC is one of the biggest conventions about the worldwide mobile market. We'll be present for the whole event and we'll keep you posted with news and previews from the congress.