Tools of the Trade

What are some of the more popular security tools that information security professionals use?

While SecTools.org hosts what may be the most comprehensive list of security tools online, below is a short list of tools that aspiring information security professionals should download and learn. (For more information, make sure to check out the Common Sense Security Framework.)

While this isn’t a complete list by any means, any infosec job applicant who has hands-on experience using these tools will definitely have an advantage over the other applicants.

 

Protecting Applications

• SonarQube
• OWASP Offensive Web Testing Framework
• Mozilla Observatory

Protecting Endpoints

• AV-Comparitives
• AV-TEST
• Local Administrator Password Solution (LAPS)

Protecting Networks

• OpenVPN
• FreeRADIUS
• LinOTP
• Authy
• Aircrack-ng

Protecting Servers

• Nmap
• OpenVAS
• Windows Group Policy
• Center for Internet Security Benchmarks
• SekChek
• Lynis
• Syslog-ng
• Splunk

Protect Data

• CUSpider
• Veracrypt
• LastPass

Protect People

• Social Engineer Toolkit

 

If you want to save some time, download these virtual machines that contain multiple information security tools.

Virtual Machines (VM’s)

• Kali Linux, the absolutely essential VM for penetration testing
• Samurai Web Testing Framework (WTF), for web application security testing
• Santoku Linux, for mobile forensics and mobile application security testing