vulnerability-scanners – Page 6

what is the solution to when a discovery scans in Nexpose site running for 0 seconds on most devices?

Posted on October 20, 2022 by Joe

What is the solution when a Nexpose discovery scan takes 0 seconds or runs for 0 seconds?
The vulnerability scanning tool(Rapid7) did not scan or pick up any assets.

Continue reading what is the solution to when a discovery scans in Nexpose site running for 0 seconds on most devices?→

Arctic Wolf versus other private vulnerability tools [closed]

Posted on September 16, 2022 by Alphonso Alves

Do you guys suggest any other tool to manage risks?
My feeling is – during the demo – everything is beautiful, but after implementation, many issues come to the surface.
Sometimes I don’t see the CONS over Gartner – https://www.gartner.com… Continue reading Arctic Wolf versus other private vulnerability tools [closed]→

How to conduct a comparison of popular secret scanning tools? [closed]

Posted on September 15, 2022 by jth

I’m attempting to conduct a thorough comparison of the popular tools available for secret scanning. Specifically, I’m currently comparing Gitleaks, TruffleHog, and git-secrets. I am only interested in the core secret scanning algorithms, i… Continue reading How to conduct a comparison of popular secret scanning tools? [closed]→

How to conduct a comparison of popular secret scanning tools? [closed]

Posted on September 15, 2022 by jth

How do you de-duplicate security risk findings obtained from various different tools?

Posted on September 12, 2022 by transcend3nt

You potentially use a variety of scanners and processes (e.g. Threat Modelling) which produces a set of overlapping outputs. How do you avoid repeated findings which are duplicated across toolsets?

Continue reading How do you de-duplicate security risk findings obtained from various different tools?→

Is a server using CBC without the encrypt_then_mac TLS extension necessarily vulnerable to the LUCKY13 attack?

Posted on August 22, 2022 by Tristan Nemoz

In order for a server to be vulnerable to the LUCKY13 exploit, it has to use a ciphersuite which uses CBC and must not use the encrypt_then_mac TLS extension. However, if both these conditions are satisfied, is the server necessarily vulne… Continue reading Is a server using CBC without the encrypt_then_mac TLS extension necessarily vulnerable to the LUCKY13 attack?→

SSLLabs’ SSLTest vs. nmap ssl-enum-ciphers

Posted on August 22, 2022 by dpr

Recently I conducted a SSL server test to assess the SSL configuration of my server. While the overall grade A+ was pretty good, it was found that the server supports several cipher suites that are considered weak according to SSLLabs (act… Continue reading SSLLabs’ SSLTest vs. nmap ssl-enum-ciphers→

Error in the SCANoval program

Posted on August 7, 2022 by Orkada

We were asked to install this program on a virtual machine and make a couple of scans, but it does not start with this error. If anyone knows, please help.

Continue reading Error in the SCANoval program→

how to fix tls ssl vulnerabilities in windows server? [migrated]

Posted on July 10, 2022 by Anonymous

Currently on our windows server (Windows 2016 R2) , we have following cipher suites installed:-
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_C… Continue reading how to fix tls ssl vulnerabilities in windows server? [migrated]→

How to interpret the output of nmap "vulners"

Posted on July 8, 2022 by Son of Sam

I am trying to judge the security of a web app and I have the sample output below from nmap. But I’m not really sure how to properly interpret it.
Is it merely a printout of all the CVEs for this version of Apache2 (cpe:/a:apache:http_serv… Continue reading How to interpret the output of nmap "vulners"→