Collaborate Disseminate
I am searching for cybersecurity vulnerability management open-source tools. I’ve found:
Zeek
NetworkMiner
Arkime
GRASSMARLIN
Malcolm
to potentially meet my criteria above. Am I right?
Continue reading Open-source Vulnerability Management Tools [closed]
A few days ago I found a vulnerability in a site of scope using the Burp suite scanner with the command nslookup xxx.burpcolaborator.com exploit with the following feature:
Issue: OS command injection
Severity: High
Confidence: Certain
… Continue reading out-of-band data exfiltration Command Injection
The vulnerability test from Nexpose scanned the HP printers and last scan shows
"Blind SQL Injection / Remedation plan: Ensure that the Web
application validates and encodes user input before using it in a SQL
query.", CVSS 9.
I stumbled across a vulnerability considered a critical security risk (CVE-2023-25139) in one of container images I build.
Debian’s security tracker states it’s fixed: https://security-tracker.debian.org/tracker/CVE-2023-25139 – specifical… Continue reading Debian’s security tracker says a CVE is fixed, while BlackDuck scanner detects it
Opening a tricky question here, but do you think there are devices/assets on the network that are not worth including in a vulnerability scan scope?
I was thinking like A/C systems, Monitors, Docking stations… or whatever?
Do you think, … Continue reading Vulnerability scan scope
As far as I know, a load balancer distributes incoming network traffic based on the load/charge of resources (=> health checks) and on the volume of the inbound traffic
I was wondering if it is worth running a vulnerability scanner on a… Continue reading Is it worth doing a vulnerability scan on a load balancer?
We have recently developed a web application with a RESTful API backend. This web app need to have a certain security certification (something called PCI-DSS), and thus it is being scanned occasionally to identify potential vulnerabilities… Continue reading Why is the absence of a Content-Type header with a HTTP 204 response considered a security vulnerability and what should we do about it?
I have listed all the 3rd party components that are being used in the development environment and parsed them as a JSON file as following example;
{
"Technology": "WebGrease",
"Version": "1.5.2&qu… Continue reading Automated scan tool for 3rd party components in development environment [closed]
Anyone ever had a vulnerability scanning experience on HSM Thales Payshield?
In my company, we are performing security scans on our infrastructure and we are considering how to treat HSM. We are using Qualys, and our HSM management office … Continue reading Vulnerability scans on HSM Thales payShield [closed]
I am trying to set up an automated VAPT and Security audit tool to test our production systems in detail. The tool needs to run
automatically and unattended
at regular intervals and
tests/audits the system comprehensively
so that we know… Continue reading Tool to do unattended VAPT / security scan of the system(s) [migrated]