---------------------------------------------------------------Syhunt Sandcat (R) 4.2.5 README July 2011 ---------------------------------------------------------------(c) 2011 Syhunt Informatica Software. All rights reserved.

Welcome to the release of the Syhunt Sandcat Suite! ---------------------------------------------------------------CONTENTS ---------------------------------------------------------------LIABILITY DISCLAIMER -- READ BEFORE USING SYHUNT SANDCAT FEATURES SYSTEM REQUIREMENTS COPYRIGHT INFO ACKNOWLEDGEMENTS PROVIDING FEEDBACK ---------------------------------------------------------------LIABILITY DISCLAIMER ---------------------------------------------------------------This software should be used only by system administrators (or other people in charge). The entire risk arising out of the use or performance of such products and documentation remains with you. In no event shall Syhunt or its suppliers be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the products or documentation, even if Syhunt has been advised of the possibility of such damages. Because some states/ jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. ---------------------------------------------------------------FEATURES ---------------------------------------------------------------Sandcat Professional, the main product released by Syhunt, is an application suite. It contains a web security scanner, a web miner/spider, a log analyzer, and a web security hardening tool. The web application security management and scanning tools that are in Sandcat Professional are essential tools for scanning and pen-testing web sites and applications. Sandcat is the most standards-compliant web application security software available. It is compliant with the following standards:

HTTPS (SSL): Secure HTTP (HTTPS) is a protocol to transfer sensitive HTTP data over SSL (Secure Socket Layer). One of the most necessary features for web security scanning is the HTTPS support. In Syhunt Sandcat you use the built in HTTPS support. This makes very easy to get a quick overview of the security of a secure (HTTPS) web server. CVE: A list of standardized names for vulnerabilities and other information security exposures - CVE aims to standardize the names for all publicly known vulnerabilities and security exposures. Syhunt is part of the list of CVE-compatible products and services provided by the Mitre Corporation who created the standard. OWASP Top 10: The OWASP Top Ten is a list of vulnerabilities that require immediate remediation. Existing code should be checked for these vulnerabilities immediately, as these flaws are being actively targeted by attackers. The OWASP Foundation encourage companies to adopt the OWASP Top Ten as a minimum standard for securing web applications. SANS Top 20: The SANS Top 20 includes step-by-step instructions and pointers to additional information useful for correcting the security flaws. The SANS Institute updates the list and the instructions as more critical threats and more current or convenient methods of protection are identified. It is a community consensus document. Syhunt provides a list of CVEs scanned that demonstrate Sandcat's compliance with the SANS Top 20 list. Check out this list to get an idea of what gets added to Sandcat: http://www.syhunt.com/?section=sandcat.cve Syhunt's Sandcat Professional software also provides a CVE search option. Sandcat Professional is available for Windows 95, 98, ME, NT, 2000 or XP. Features: # Sandcat Scanner # Sandcat Miner # Sandcat Log Analyzer # Sandcat Hardener ---------------------------------------------------------------SYSTEM REQUIREMENTS ---------------------------------------------------------------1. 20 MB of memory 2. 100 MB of free disk space 3. Internet connection 4. Any Win32 platform (Windows 95, 98, ME, NT, 2000, 2003 or XP) 5. As a user of Windows 2000, 2003 or XP, you may need to be logged in with full administration rights

---------------------------------------------------------------COPYRIGHT INFO ---------------------------------------------------------------Intellectual Property Information Copyright 2011 Syhunt, Ltd. All rights reserved. ---------------------------------------------------------------Syhunt, the Syhunt logo, product names and icons are registered trademarks of Syhunt Informatica Ltda. Syhunt Product icons are trademarks of Syhunt Informatica Ltda. All other product names or corporate names mentioned on this document may be trademarks or registered trademarks of their respective owners. The technology embodied in Syhunt Sandcat vulnerability assessment components and Syhunt security tools is protected by international Patent applications. You are also advised that Syhunt will aggressively enforce its intellectual property rights to the fullest extent of the law, including the seeking of criminal prosecution. ---------------------------------------------------------------ACKNOWLEDGEMENTS ---------------------------------------------------------------Great thanks to everybody who supported the beta testing effort of Sandcat, suggested changes or simply provided encouragement. There have been so many people that contributed to the Sandcat project. It is impossible to name them all, but I will try to list the most important ones. * * * * * * * * * * * * * * * * * * * * * * * * * Brent Huston, MicroSolved Paul Woroshow, ESR David Wray, Sec-Tec Michael Stokes, Stokes Technologies Marcelo Leo Caffaro Ryan Kazanciyan, Hideaway.net Oliver Hable Roberto Cesar Yoshihiro Kawabata Stuart Unsworth Giordani Rodrigues Renato Andalik Eduardo Phillipe Skel Shizuko Andre Diamand, Future Security Andre Freitas Ivan Ristic, ModSecurity.org David Alexandre Alexandre Oliveira Fabricio Leite Kleber Carriello de Oliveira Ruberley A. Silva Cau Moura Prado Paulo Lopes Arian Evans, Fishnet

---------------------------------------------------------------PROVIDING FEEDBACK ----------------------------------------------------------------

To send us your comments or feedback, please email feedback@syhunt.com