Collaborate Disseminate
I am currently conducting vulnerability assessment and penetration testing for an OTC platform that facilitates energy import and export. The platform caters to two types of users: 1) Admin and 2) DISCOM, a normal user.
I am utilizing Burp… Continue reading Seeking Advice on Configurations for Vulnerability Assessment Scans in BurpSuite Professional [closed]
We have a project written in swift and would like to scan through the codebase to identify if it has any worth look at in perceptive of security and privacy. Or binary code is loaded.
Continue reading Any tool that we can scan through codebase to find something fishy? [closed]
I am searching for cybersecurity vulnerability management open-source tools. I’ve found:
Zeek
NetworkMiner
Arkime
GRASSMARLIN
Malcolm
to potentially meet my criteria above. Am I right?
Continue reading Open-source Vulnerability Management Tools [closed]
A few days ago I found a vulnerability in a site of scope using the Burp suite scanner with the command nslookup xxx.burpcolaborator.com exploit with the following feature:
Issue: OS command injection
Severity: High
Confidence: Certain
… Continue reading out-of-band data exfiltration Command Injection
The vulnerability test from Nexpose scanned the HP printers and last scan shows
"Blind SQL Injection / Remedation plan: Ensure that the Web
application validates and encodes user input before using it in a SQL
query.", CVSS 9.
I stumbled across a vulnerability considered a critical security risk (CVE-2023-25139) in one of container images I build.
Debian’s security tracker states it’s fixed: https://security-tracker.debian.org/tracker/CVE-2023-25139 – specifical… Continue reading Debian’s security tracker says a CVE is fixed, while BlackDuck scanner detects it
Opening a tricky question here, but do you think there are devices/assets on the network that are not worth including in a vulnerability scan scope?
I was thinking like A/C systems, Monitors, Docking stations… or whatever?
Do you think, … Continue reading Vulnerability scan scope
As far as I know, a load balancer distributes incoming network traffic based on the load/charge of resources (=> health checks) and on the volume of the inbound traffic
I was wondering if it is worth running a vulnerability scanner on a… Continue reading Is it worth doing a vulnerability scan on a load balancer?
We have recently developed a web application with a RESTful API backend. This web app need to have a certain security certification (something called PCI-DSS), and thus it is being scanned occasionally to identify potential vulnerabilities… Continue reading Why is the absence of a Content-Type header with a HTTP 204 response considered a security vulnerability and what should we do about it?
I have listed all the 3rd party components that are being used in the development environment and parsed them as a JSON file as following example;
{
"Technology": "WebGrease",
"Version": "1.5.2&qu… Continue reading Automated scan tool for 3rd party components in development environment [closed]