Burp Suite 1.3

Tools WebSec

Burp Suiteがバージョンアップしました。free editionの追加機能としては、professional editionでversion 1.2以降追加された機能が反映されているようです。
追加された機能は以下の通りです。

New features in Burp Suite free edition include:

  • A new message editor/viewer optimised for HTTP requests and responses, with colourised syntax, mouse-over decoding, and quick conversion functions.
  • Facility to add comments and highlights to the proxy history and site map.
  • Support for AMF-encoded messages.
  • Improved handling of SSL server certificates, to eliminate browser SSL warnings and connection problems with thick clients.
  • Copy to file / paste from file to facilitate working with binary content.
  • New display filters.
  • Much enhanced extensibility.
  • Configurable DNS resolution, to override host resolution, facilitating work with non-proxy-aware clients.
  • Fine-grained upstream proxy rules.
  • Exporting of HTTP messages and metadata in XML format.

New features in Burp Suite Professional include:

  • Improved text search, with regex support, scope restrictions, dynamically updating results, etc.
  • Automated discovery of unreferenced content.
  • Scripts and comments search.
  • Wizard for performing more effective scans of multiple items.
  • Target analyser.
  • Manual testing simulator.

OpenVAS 3.0

Tools

OpenVASがメジャーバージョンアップしたようです。モジュールアーキテクチャーが変わって、スキャナのコアモジュールが、以前の4つから2つに変わってます。
3.0での変更点は以下のとおり。

  • A new internal architecture of the modules
  • NVT Meta Information that is free of arbitrary size limits
  • IPv6 support
  • WMI clients support
  • Supports upcoming optional extensions:
    • OpenVAS Manager for storing and organizing scans on a central server in a SQL database
    • OpenVAS Administrator for User-, Feed- and Settings-Management
    • Greenbone Security Assistent for a web-based Vulnerability Management

Security Guidance for Critical Areas of Focus in Cloud Computing V2.1

Documents

Cloud Security Alliance(CSA)が安全なクラウド・コンピューティングの実現に向けたガイドラインの第2版をリリースしたようです。