SANS released a paper on Web Applications Audit. It’s more of a guide to low hanging fruit website assessment, but still is a good resource . The article begins with setting up , adjusting and configuring the tool arsenal and then walks the reader trough implementation and conclusions.

BackTrack is the most Top rated linux live distribution focused on penetration testing. The long-awaited (~5 months) tool has reached it’s Version 2.0 final stage. There are a lot of changes since the last Version as mentioned on the Changelog.

SIPcrack is a SIP login sniffer/cracker that contains 2 programs: sipdump to capture the digest authentication and sipcrack to bruteforce the hash using a wordlist or standard input.

It seems that debate over the automatic tools vs. manual penetration tools raises serious questions within the government agencies.South Carolina and Delaware already use Core Impact, other might follow: