Open source IT security tools

The open source philosophy has been present in the IT field since the first pieces of software were developed. Its basic principle consists of sharing a software’s source code so that it can be finalised, maintained, or improved in a collaborative way. NBS System adopted this philosophy from the start by using open source tools internally, contributing to these projects, and even creating IT security tools with our experts.

Everyone makes a contribution, and everyone wins with better, more complete, and more secure solutions!

See NBS System’s page on GitHub!

NBS System and open source: a story that lasts

Open source expanded in the late 1990s thanks to the growing popularity of Linux and the release of Netscape’s browser source code. The term itself first appeared in 1998, to differentiate the approach from the Free Software movement.

NBS System was founded in this context in 1999. For our two founders, joining this open source community was an obvious choice: they shared its values, such as education, collaboration, and the search for “always better … together!”. The choice to test only the security of Linux systems gave the company its name: NBS System… for No Blue Screen System!

Since then, we have not deviated from this guideline. We always perform security testing on Linux environments, and we host and manage Linux platforms, including with open source computer security tools.

Open source is a way of thinking internally and with our clients

This open source philosophy is heavily anchored in NBS System’s company culture and is something that motivates our teams. It serves as a guide for our development and continuous improvement. This principle makes a mark on our Research & Development projects, in particular; each employee can contribute on a large or small scale. Through discussion and working together on these IT tools, our experts gain skills and take pride in their work, and we produce more effective services for our clients!

Our clients also benefit from this sharing mindset. The open source attitude can take the form of feedback, without necessarily having to dig into the code yourself: suggest a new feature, flag a bug or a flaw, or share your appreciation of a service.

We count on our clients to audit us and to share the problems as well as the successes of the projects we share with them. Our job is to meet your needs, and we can only create the best solutions together.

Open source tools: use, collaboration, creation!

As we mentioned above, open source was present from the beginning at NBS System when our business was limited to penetration tests. Since then, the company has evolved, but open source software is still part of our daily lives.

When our customers asked us to host their servers, which led us to develop our hosting business starting in 2008, we turned to open source technologies: Apache, NGINX, OTRS, and Salt. Today, we still use the same software or equivalents and participate in their development.

NBS System sponsors the Grsecurity open source project, which produces a hardening patch for the Linux kernel that we use to strengthen our customers’ servers and our in-house equipment.

But to really add something to the open source ecosystem, you must get your hands dirty. That’s why NBS System’s security experts have time dedicated to R&D for open source security tools. 7 projects, each on a larger or smaller scale, have already come out of our “think tank”, including NAXSI, an application firewall for Nginx that is widely recognised for its effectiveness and already used by many companies to protect their personal data.

Open source technology: a personal investment from our employees

Our employees also take part in this investment by helping to develop open source tools on an individual basis.

Contributions from the IT security team

Our security experts are very active in the open source community. Here are a few projects to which they contribute.

  • Metasploit – a recognised framework for penetration tests
  • Wappalyzer – an application scanner that can identify the technologies a website uses (such as CMS, servers, or analysis tools)
  • Radare2 – a set of command line tools and reverse engineering frameworks. It is derived from the Radare project and can be used for forensic investigations or virtual patching.
  • The Vulndb database – a vulnerabilities database
  • WAF Research – an application firewall research project
  • Mobile Security Framework – an automated web application penetration testing framework for static and dynamic analyses, malware detection, and API testing.
  • Vulscan – an advanced vulnerabilities scanner
  • Onionshare – a secure, anonymous file sharing tool
  • Sparta – a penetration testing tool for network infrastructures
  • Arachni – an application scanner to identify vulnerabilities

Contributions from the Infrastructure & Networks team

Open source isn’t just for IT security! Our infrastructure and network experts are also active in the ecosystem.

  • Bugzilla – a bug report manager
  • NetBSD – a fast, free, secure, and very portable operating system. Our expert contributes through the software package manager pkgsrc. Among the most notable software packages:
    • Logrotate (with upstream patch report) – a daemon to run, compress, delete, and forward system log files
    • Fail2ban (with upstream patch report) – a tool that scans log files and bans IP addresses that make too many password errors
    • Dehydrated – a Let's Encrypt/ACME client implemented as a shell script

Is your project open-source oriented, and are you looking for a partner who understands your issues?

Contact our team!

Open source security: NBS System’s expertise

21 years of experience

NAXSI: 2,500 stars on GitHub

PHP Malware Finder: 700 stars on GitHub

Snuffleupagus: 100 stars on GitHub