- CANVAS 網頁安全測試工具
介紹Canvas是Aitel's ImmunitySec出品的一款安全漏洞檢測工具。 它包含150個以上的漏洞利用。對於滲透測試人員來說，Canvas是比較專業的安全漏洞利用工具。 Canvas也常被用於對IDS和IPS的檢測能力的測試。
Immunity CANVAS Professional
Immunity's CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide. To see CANVAS in action please see our movies. For users new to CANVAS or experienced users looking to get just a little more out of CANVAS we have PDF based tutorials available for download.
Single User License
- includes one quarter of standard monthly updates and support
- unrestricted (no target IP address limitations)
- full source code
- Your use of CANVAS Professional does not expire when your support period is over.
Supported Platforms and Installations
- Windows (requires Python & PyGTK)
- MacOSX (requires PyGTK)
- All other Python environments such as mobile phones and commercial Unixes (command line version only supported, GUI may also be available)
- CANVAS Professional's completely open design allows a team to adapt CANVAS Professional to their environment and needs.
- all documentation is delivered in the form of demonstration movies
- exploit modules have additional information windows
- currently over 370 exploits, an average of 4 exploits added every monthly release
- Immunity carefully selects vulnerabilities for inclusion as CANVAS exploits. Top priorities are high-value vulnerabilities such as remote, pre-authentication, and new vulnerabilities in mainstream software.
- Exploits span all common platforms and applications
- to provide maximum reliability, exploits always attempt to reuse socket
- if socket reuse is not suitable, connect-back is used
- subsequent MOSDEF session allows arbitrary code execution, and provides a listener shell for common actions (file management, screenshots, etc)
- bouncing and split-bouncing automatically available via MOSDEF
- adjustable covertness level
- regular monthly updates made available via web
- exploit modules and CANVAS engine are updated simultaneously
- customers reminded of monthly updates via email
Exploit Creation Time
- exploits included in next release as soon as they are stable
Effectiveness of Exploits
- all exploits fully QA'd prior to release
- exploits demonstrated via flash movies
- exploit development team available via direct email for support
Ability to make Custom Exploits
- unique MOSDEF development environment allows rapid exploit development
Product Support and Maintenance
- subscriptions include email and phone support M-F 9am - 5pm EST, directly with development team
- minimum monthly updates
- CANVAS is a platform that is designed to allow easy development of other security products. Examples include Gleg, Ltd's VulnDisco, DSquare's D2 Exploitation Pack and the Argeniss Ultimate 0day Exploits Pack.
Complete data protection for all endpoints—laptops, desktops, USB drives, optical media, and smart phones. Laptops, USB devices, optical media, and smart phones are a convenient way to work and exchange data with colleagues, partners, and even customers. The challenge is that this convenience brings with it a security risk if these devices are lost, stolen, or compromised by unauthorized software. To solve this problem, many organizations resort to solutions that either compromise security for productivity, or force a significant change in user behavior, or worse, are just "good enough.
Enterprises are increasingly deploying encryption to protect their most sensitive information. Unfortunately, deploying point solutions to protect email, disks, and files involves deploying and managing multiple management consoles. This piecemeal approach prevents organizations from addressing new requirements in a timely, cost-effective manner.
TotalFileGuard自動化電子資料保護系統採用世界先進加密技術－底層透明加密技術(Transparent Encryption for Document），提供企業最基礎也最堅固的一道防線，有效的補強以往技術的不足。TotalFileGuard完整保護自檔案新增、修改、複製、列印、另存新檔甚至檔案銷毀，全程皆在加密環境下受到最嚴謹的資料保護，有效防制駭客、木馬程式竊取企業智慧資產或是內部人員惡意地將重要資料外流。TotalFileGuard提供使用者最佳化使用，無需改變現有作業習慣，而靈活的管理政策與詳盡的日誌記錄，更有助於企業內部的彈性部署並提供稽核人員完整的資訊。