Security Innovation Supports Open Source Community with Free Security Tools to Identify and Mitigate Software Vulnerabilities

Security leader offers a wide set of tools for the open source community, including AuthMatrix, the highest rated authorization testing extension for Burp Suite


Wilmington, MA, May 14, 2018 (GLOBE NEWSWIRE) -- Security Innovation, a pioneer in software security assessment and training, believes the open source community and the software it produces is critical to many large and small organizations worldwide.  As part of this commitment, Security Innovation continually updates the company’s suite of free tools to provide security professionals with effective and time-saving ways to scrutinize software for vulnerabilities.

“Our mission is to help reduce the risk of software use so users can have the confidence they deserve in their day to day computing tasks, whether that software resides in web applications, IoT, mobile devices or the cloud,” said Joe Basirico, Senior Vice President of Engineering at Security Innovation.  “In addition to developing and releasing free and open source tools and software, an important part of our commitment to the open source community is to perform security assessments on open source software and work with those contributors to help resolve the issues that could put users at risk through the use of insecure software.”

Free Tools for the Open Source community include:

  • AuthMatrix for Burp Suite.  This free tool is highest rated authorization testing extension, and effectively automates manually intensive tests.  While other tools try to solve authorization with automation, producing large numbers of false positives and false negatives (missed vulnerabilities), AuthMatrix assists testers into fully modeling their target application so that every authorization test case can be captured, recorded, and verified. AuthMatrix can be found at the Security Innovation public Github page here.
  • Blockchain CTF.  This free, first-of-its kind platform for Smart Contracts, is an interactive “learn by doing” platform that leverages the company’s expertise in delivering realistic simulation training like its CMD+CTRL Cyber Range that accelerates security skills development. 
  • Holodeck. This unique test tool is the first fault simulation tool that allows testers to work in a controlled, repeatable environment to analyze and debug error-handling code.
  • PGPy. This pure Python implementation of PGP is a popular and powerful tool when building Python applications

Visit Security Innovation’s Security Tools web page to download specialized tools like fuzzers, static analysis scanners, AntiSQL libraries and more.

Additional contributions to the Open Source community include:

  • OWASP Community Contributor for nearly a decade, including:
     
    • One of eight contributing members to the 2015 re-launched OWASP OpenSAMM project.
    • Lead author of the free, open-source OWASP Top 10 Threats and Mitigations course, the most popular OWASP-offered CBT course.
    • Lead author of the free, open-source OWASP Top 10 Threats and Mitigations TEAM Mentor Edition, a repository of secure coding and remediation guidance.
    • Created and contributed all of the questions and answers to the OWASP Exams project.
  • Apache OpenMeetings security audit identified 24 security issues and CVEs were submitted.  If the issues discovered were not sufficiently remediated, an attacker could gain control of the OpenMeetings application and access private information belonging to users.

Security Innovation’s experts hold over 100 industry certifications and accreditations concentrated on Software Security, Network Security, and Information Security. Collectively the team has also published 18 books, and holds 10 patents (8 approved and 2 pending) covering advanced public key encryption and secure inter-vehicle wireless communication.

Click here to learn why Security Innovation is the worldwide leader in software security training and assessment services.

About Security Innovation                    
Since 2002, organizations have relied on Security Innovation for our unique software security expertise to help secure and protect sensitive data in the most challenging environments - automobiles, desktops, web applications, mobile devices and in the cloud.  A best in class security training, assessment and consulting provider, Security Innovation has been named to the Gartner Magic Quadrant for Security Awareness Training for four consecutive years. Security Innovation is privately held and headquartered in Wilmington, MA USA. For more information, visit www.securityinnovation.com or connect with us on LinkedIn or Twitter.


            

Contact Data