Yahoo has open-sourced Gryffin, a scanning platform for web applications.
Malware peddlers don't always have to steal legitimate, valid code-signing certificates, or buy them from sellers on underground forums, to sign their malware with. Sometimes the certificates can be found just "laying around" in open source software and code repositories.
Since Monday, security pros can add another XSS-finding tool to their arsenal, as Netflix has open sourced their cross-site scripting payload management framework dubbed "Sleepy Puppy." Sleepy Puppy is meant to address the biggest problem with identifying omnipresent XSS issues: finding them not only on targeted applications, but also on others that are not available to the tester, but whose presence ultimately also endangers users.
Lynis is an open source security auditing tool, commonly used by system administrators, security professionals and auditors to evaluate the security defenses of their Linux/Unix based systems.