Vulnerability Tools
These are tools that house a database of the latest known exploits and vulnerabilities. Again, they are designed for Right and Good, and not for evil. Some of the listed tools are commercial and some are open source. You SHOULD become very familiar with these great tools and only use them to assess your own security. You SHOULD NOT use these against someone to learn how to break into their site.
And again, these tools were created with good in mind. I list them in this chapter due to the nature of what they can divulge, and to give you awareness for protection purposes.
Nessus
Refer to: http://www.nessus.org/nessus/.
This wonderful tool is offered in both a "no-cost" download and a commercial offering. The difference is that when you get access to the latest security definitions with the commercial offering, Nessus will scan a system and tell you what patches are missing, and which risks exist in the operation of the site. In a recent security audit for a client, we used...
