Collaborate Disseminate
Some DAST (Dynamic Application Security Testing) scanners report this as a vulnerability and they assign it a CVSS score.
Is it really considered a vulnerability? or it is a best practice?
Continue reading is Subresource Integrity (SRI) Not Implemented considered a vulnerability [closed]
I got a Dynamic Application Security Testing (DAST) scan that reports an issue on a web application.
It says "The web application contains a link to a non-existing domain" and it’s marked with severity high. The domain is fonts.g… Continue reading Web application contains a link to a non-existing domain, is this a vulnerability?
After running a Nessus scan, one of its plugins checks for cookie injection called "Web Server Generic Cookie Injection" (https://www.tenable.com/plugins/nessus/44135)
The scan shows that this issue exists on a site. It shows tha… Continue reading Web Server Generic Cookie Injection
I have found a WordPress site where the WP scanner provided me with:
[!] Title: Realtyna Organic IDX plugin < 4.14.8 – Unauthenticated SQLi
| Fixed in: 4.14.8
| References:
| – https://wpscan.com/vulnerability/d22a60bc-b… Continue reading How this SQL injection vulnerability could cause problems? [closed]
I want to run ZAP automated scan to a web application. I have the url which is example.com/myapp. When I browse the application in burpsuite, I can see some rest endpoints being called like example.com/authz/rights-administration/.
When ru… Continue reading Running zap scan on a web application is not detecting all endpoints
We want to use Tenable to scan our assets for DISA STIG-compliance. Since we use DISA STIG just as a baseline and are not required to strictly comply, we would like to tailor it to our needs. Since the .audit-files have sometimes a few tho… Continue reading Editor for Tenable DISA STIG files [closed]
I have created custom policies in Blackduck. I want my CI pipeline to break if the policy is violated.
I am running Detect with parameters such as
–detect.wait.for.results
–detect.policy.check.fail.on.severities
–detect.risk.repor… Continue reading I have created custom policies in Blackduck. I want my CI pipeline to break if the policy is violated [closed]
So can someone recommend me vulnerability aggregation tools that are taking inputs from tools like tenable nessus etc. I just need a tool that aggregates the scan results on a dashboard or something and maybe makes backlog tasks in azure d… Continue reading Vulnerability aggregation tools in 2025 [closed]
So can someone recommend me vulnerability aggregation tools that are taking inputs from tools like tenable nessus etc. I just need a tool that aggregates the scan results on a dashboard or something and maybe makes backlog tasks in azure d… Continue reading Vulnerability aggregation tools in 2025 [closed]
For network-based attacks, there are many tools that scan a system for open ports and perform fingerprinting to find out what software is running on the system.
Does something similar exist for USB ports that would detect available drivers… Continue reading "Scanning" available USB drivers on a port