Collaborate Disseminate
For network-based attacks, there are many tools that scan a system for open ports and perform fingerprinting to find out what software is running on the system.
Does something similar exist for USB ports that would detect available drivers… Continue reading "Scanning" available USB drivers on a port
I’m looking for a vulnerability scanner (SAST, SCA, or other) that flags in-code CDN scripts where the script is referencing a vulnerable package (ex. jQuery 1.9 is susceptible to XSS). Typically, SCA scans find vulnerable 3rd party packag… Continue reading Vulnerability scanner for CDN scripts [closed]
I am running nmap on an http server, and I got the netty version used by the server.
Netty version used is 9.4.53.v20231009 , I tried to check online for CVEs related to this version, and it seems this versions is not directly linked to CV… Continue reading can vulnerabilities in transitive dependencies be exploitable?
Using SAST / SCA tools within the delivery pipelines is quite common these days; however, in the software my teams are building, the SAST tools that we’re using are very rarely finding even relatively important security gaps – for the most… Continue reading Is there evidence that using SAST / SCA brings positive ROI to software companies?
So, long story short, I was using an automated vulnerability scanner on a website (bounty hunting is allowed and encouraged,) and it works by injecting payloads in forms and URLs etc., to trigger responses that might indicate SQLi, XSS, CS… Continue reading Should an HTTP error 500 triggered by an XSS payload be reported as a potential vulnerability?
My company has a lot of projects and uses various vulnerability scanners (e.g. Trivy, npm audit, SAST,…) in different stages in each of them.
The Problem is now that although they run well, it’s not easy to keep the overview over each of… Continue reading How to manage a lot of vulnerability scanners from CICD Pipelines?
I want to run vuls scanner from within an alpine container.
alpine is listed as supported OS.
Since I am within a docker container I want to avoid running vuls as a container itself (to skip the trouble of having to run dind etc)
However w… Continue reading Run vuls scanner from within alpine container
My mail server (IP, not domains) was recently flagged as a spam source by Spamhaus and I’m looking for help at tracking down the source.
First, I verified the forward and reverse DNS records, SPF records, and the SMTP service HELO. Next I… Continue reading Locating Spambot
I am currently conducting vulnerability assessment and penetration testing for an OTC platform that facilitates energy import and export. The platform caters to two types of users: 1) Admin and 2) DISCOM, a normal user.
I am utilizing Burp… Continue reading Seeking Advice on Configurations for Vulnerability Assessment Scans in BurpSuite Professional [closed]
We have a project written in swift and would like to scan through the codebase to identify if it has any worth look at in perceptive of security and privacy. Or binary code is loaded.
Continue reading Any tool that we can scan through codebase to find something fishy? [closed]