Collaborate Disseminate
Our solution contains jquery and javascript files.
We want to integrate a scanning tool for these files.
We are already using one tool for static code analysis and it is unable to identify the embedded jquery code.
Please suggest what tool… Continue reading Vulnerability scanner for the custom jquery files
I’ve been asked and given permission to scan IPs on a different continent.
The scan already takes 2-3 hours for their subnets within the country.
Will the increased latency cause a significant change to the scanning time?
I joined as an intern at this organization as a supposed cyber security consultant and now I’m expected to conduct a vulnerability assessment of the website and prepare a report on that.
Any suggestions as to what tools I can use for free … Continue reading Need help with the process of vulnerability assessing a website [closed]
We use an external scanner (Qualys) to scan our external assets. We have a firewall in front of the external assets, but it is configured to whitelist the scanner so that the external assets get scanned in-depth. But the firewall is also c… Continue reading ICMP timestamp – firewall configured to drop timestamp request, but vulnerability scanner can send request and get a response
I am having troubles finding and understanding when symbolic execution fail.
From my understanding tools like PathCrawler use symbolic execution. I gave it this code:
#include <stdio.h>
#include <string.h>
void vulnerable_func… Continue reading Code with BoF that cannot be detected by symbolic execution
I ran a Nexpose scan on a DNS that no longer resolves and a vulnerability was found : X.509 Certificate Subject CN Does Not Match the Entity Name
I don’t know why it’s still producing a vulnerability when the DNS should not even resolve.
H… Continue reading A DNS that has been eliminated is still resulting in X.509 Certificate Subject CN Does Not Match the Entity Name
In the weekend one of the servers got targeted by automated scanning attempts, reviewing the logs I noticed a new strategy, but I can’t make head or tails of the intent of this attempt.
These attempts are sometimes mixed with XSS and SQLI … Continue reading How to interpret a GET request by a vulnerability scanner application with seemingly no parameters?
I would like Masscan save just the found IP addresses to a .txt file. How to do that?
Continue reading How to have Masscan save just the IPs? [migrated]
Is it possible and how to import macros with .jar extension produced by Selenium into Webinspect (version 21.2) and then use them to conduct a scan? Can anyone help me?
Continue reading import macros with .jar extension produced by Selenium into Webinspect [closed]
What causes credential failure after running a Nexpose scan?
what is the possible solution
Continue reading why am i getting credential failure after running a scan in Nexpose?