There are more free information security tools out there than you can highlight with a fist full of whiteboard pointers. While many are trial ware-based enticements designed to lure decision makers to purchase the pricey premium counterparts of these freebies, many are full-blown utilities. A few important categories include threat intelligence tools, tools to build security in during the development stage, penetration testers, and forensics tools.
Threat intelligence tools include AlienVault’s Open Threat Exchange, which collects and shares online threat intelligence as well as the Hailataxii and Cymon.io threat exchanges. There are a variety of SAST (Static Application Security Testing) tools for security testing software applications that developers write using different languages whether C/C++, Ruby on Rails, or Python. For penetration testing, we present the Nmap Security Scanner and the broadly useful Wireshark network protocol analyzer. Specific forensics products include the GRR remote forensic framework, and Autopsy and SleuthKit, which analyze hard drives and smartphones, and the Volatility Foundation’s open source framework for memory analysis/forensics.