Collaborate Disseminate
Is there an nmap vulnerability scanning script (vuln, vulscan, nmap-vulners etc) for scanning target Android devices on the network?
If not, is there any specific scanning tool that scans for CVE on target Android devices?
Continue reading Vulnerability scanning on target Android device
Scanning all of spidered URLs with a tool such as OWASP Zap can be computationally expensive on large apps. Have there been any studies on the adequate number of URLs (just the unique resources) to scan to have, let’s say, 95% confidence l… Continue reading Web app vulnerability scanning: how many URLs to check?
OWASP ZAP is used to scan vulnerability on web application but its site says " Because this is a simulation that acts like a real attack, actual damage can be done to a site’s functionality, data, etc."
So why would someone use i… Continue reading Why use OWASP ZAP when it could damage the web application?
Is there any free or paid service to get updates of recent security vulnerability updates of different systems? I have heard about the NVD but it is a manual process to find the vulnerabilities from this database. Is there anything that is… Continue reading Security vulnerability updates [closed]
I need to use Nuclei to create some templates for a site. But to locate the bug, I have to use some information that the site returns after the first request. Is it possible to take it from the response and use it in the next request?
… Continue reading How to use parameters from response in new request in Nuclei?
I need to use Nuclei to create some templates for a site. But to locate the bug, I have to use some information that site returns after the first request. Is it possible to take it from the response and use it in the next request?
Continue reading How to use parameters from response in new request in Nuclei?
Coverity shows the block of code as unsafe deserialization:
String str = OBJECT_MAPPER.writeValueAsString(body); //Body is user controlled
Ferarri myclassobj = OBJECT_MAPPER.readValue(str, Ferarri.class);
(Coverity: The virtual call res… Continue reading Coverity flags as unsafe deserialisaton. Is this vulnerable?
Assuming a SOC in a Big Cap company which has >3000 web applications. Web App scans are performed at the moment, but they scratch the surface as scans are unauthenticated.
As
there is no way SSO will be put on all of these apps (utopic… Continue reading Authenticated application scans across thousands of webapps with different credentials
The first erros appear to be:
May 5 23:19:42 in-target: Test completeness and readiness of GVM-11^M
May 5 23:19:42 in-target: Step 1: Checking OpenVAS (Scanner)… ^M
May 5 23:19:42 in-target: OK: OpenVAS Scanner is present in… Continue reading alienvault installation fails with gvm setup errors in log
Nmap: Nmap is a powerful open source network exploration and security auditing tool that can help identify vulnerabilities in a system. It is widely used for port scanning, version detection, and network mapping. Nmap can also be used for vulnerability… Continue reading Top 5 Open Source Vulnerability Security Scanning Tools