If you are stuck for what to put into your executive summary for that high profile project you’re trying to get approved, try out this site: The Corporate B.S. Generator. Some of the generated phrases are frighteningly close to the lingo we see every day!

This is a (non-comprehensive) list of the various security tools I have used. I started this list to keep track of tools that I've tried out and the level of satisfaction with them. Obviously there are hundreds of tools that any IT security professional uses throughout their career, so I'm just starting to put down the most recent, interesting or particularly effective. As I have time, I'll update and add comments/reviews/examples as well as break this into categories as the list grows.

Assessment / Attack Tools

Web Application Attack and Audit Framework (w3af)  w3af.sourceforge.net

IBM Rational AppScan  www-01.ibm.com/software/awdtools/appscan

Samurai Web Testing Framework samurai.inguardians.com

Visualization Tools

SecViz Security Visualization (davix) www.secviz.org/node/89

Password Tools

L0phtcrack  www.l0phtcrack.com

Forensics

V3RITY Oracle Database Forensics (www.v3rity.com/v3rity.php)  – "V3RITY is a tool that can be used in an Oracle forensics investigation of a suspected breach. It is the first of its kind and is currently in the beta stages of development."