Blog Posts Tagged with "Scanning"

E85787adcaf7bca10e799cfd1cfd08f1

Compliance Combines with Vulnerability Scanning to Create Aegify

December 10, 2012 Added by:Michelle Drolet

Two security firms, the established Rapid7 vulnerability manager and eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the IT security industry that hasn’t been done before: a combination security and compliance posture management...

Comments  (1)

D8853ae281be8cfdfa18ab73608e8c3f

Post Exploitation with PhantomJS

June 17, 2012 Added by:Rob Fuller

PhantomJS is sweet for sweeping a ton of IPs and suspected HTTP/S sites, and look through a gallery of them to start figuring out which looks the most interesting… and we are going to essentially just that, except from a Victim machine...

Comments  (0)

B8db824b8b275afb1f4160f03cd3f733

Filling in some Blanks on Network Segmentation Faults

April 18, 2012 Added by:Jack Daniel

A couple of thoughts on the segmentation-for-security concept are worth elaboration: grouping by OS makes sense from a management perspective, but if you do that it won’t stop the aforementioned Bad Things from running wild, so consider how best to segment for your situation...

Comments  (0)

Ca77c9128684f4263450c6d728107608

Starting to Clean Up the Mess from PCAnywhere

February 09, 2012 Added by:Damion Waltermeyer

I realized not everyone was even sure how to go about starting to clean up from the PCAnywhere exploit. To start, I am going to share with you my method for finding machines that are potentially open to this exploit...

Comments  (3)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Brute Force and SSH Scanning Attacks

February 06, 2012 Added by:Headlines

ICS-CERT is aware that systems that provide SSH command line access are common targets for “brute force” attacks. As recently as this week, ICS-CERT received a report from an electric utility experiencing unsuccessful brute force activity against their networks...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Want Rapid Feedback? Try a Web Application Security Scan

December 27, 2011 Added by:Brent Huston

While this service finds a number of issues and potential holes, we caution against using it in place of a full application assessment or penetration test if the web application in question processes critical or highly sensitive information...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Scanning Applications Faster - A Chicken vs. Egg Problem

October 09, 2011 Added by:Rafal Los

We need to shift the security culture from "find bugs" to "fix bugs" or else we're in deep, deep trouble. Don't get me wrong, once the software industry has figured out how to write secure software by design, then we can worry about demanding bigger, better, faster scanning automation...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Strutting and Fretting Upon the Security Stage: The Playing Field

September 22, 2011 Added by:Infosec Island Admin

There are too many ways that a company can open itself up to vulnerabilities. It takes a rounded approach to do the due diligence for that company’s security posture. The information security business has become a leviathan of competing entities from the quacks to the bleeding edge...

Comments  (1)

8b5e0b54dfecaa052afa016cd32b9837

IPv6: The End of Security As We Know It

September 21, 2011 Added by:Craig S Wright

People have seen IPv6 as a simple addressing extension to the existing internet and see few changes to the way we secure systems. These people cannot be further from the truth. IPv6 will change the way we think about security. We need to start planning now or we will be left in the dust...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Simple Network Security Monitoring Tools

September 14, 2011 Added by:Dan Dieterle

You can then drill down from high level topics like Destination Country to recreations of the actual data sent in a few clicks. You can look at the information transferred including scripts, programs, pictures and videos. You can also search the entire data collected for specific identifiers...

Comments  (0)

6429389c5e8a4c9555be876f8484331a

Guide: A Vulnerability Management Buyer's Checklist

September 07, 2011 Added by:Sasha Nunke

Without proven, automated technology for precise detection and remediation, no network can withstand the daily onslaught of new vulnerabilities. Qualys provides this free 12-point guide that will help you determine what will work best for your organization...

Comments  (0)

099757b145caa6965ea51494adbc25ba

Establishing Vulnerability Management Programs

May 19, 2011 Added by:Drayton Graham

In the ever changing world of new vulnerabilities and associated threats, it is essential that an inventory is kept of the external systems, associated ports, services, and applications. If any one of these is unknown, or insecure, then the associated Risk Level changes...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

PCI SSC Updates the ASV Training Program

April 05, 2011 Added by:PCI Guru

The ASV training program has blindsided the ASV community as it was a total surprise. Yes, there has been talk over the years at the Community Meetings and in other venues regarding ASV qualifications and training, but nothing ever seemed to come from those discussions...

Comments  (0)

6429389c5e8a4c9555be876f8484331a

Web Application Security for Dummies

March 09, 2011 Added by:Sasha Nunke

Web application security may seem like a complex, daunting task. This book is a quick guide to understanding how to make your website secure. It surveys the best steps for establishing a regular program to quickly find vulnerabilities in your site with a web application scanner...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Infosec Insights: Getting Indexed via Twitter – Good and Bad

March 02, 2011 Added by:Brent Huston

Clearly, search engines aren’t the only types of automated applications watching the Twitter stream. My guess is that scanning engines watch it too, to some extent, and queue up hosts in a similar manner. Just like all things, there are good and bad nuances to the tweet to get indexed approach...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

The “Magic” Vulnerability – Revised

February 16, 2011 Added by:PCI Guru

You have options to avoid a failing vulnerability scan because of an unsupported OS. The best method, and the one I most recommend, is do not use unsupported operating systems in the first place. However, as a former CIO, I do understand the real world and the issues IT departments face...

Comments  (2)

Page « < 1 - 2 > »