Blog Posts Tagged with "Scanning"


Compliance Combines with Vulnerability Scanning to Create Aegify

December 10, 2012 Added by:Michelle Drolet

Two security firms, the established Rapid7 vulnerability manager and eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the IT security industry that hasn’t been done before: a combination security and compliance posture management...

Comments  (1)


Post Exploitation with PhantomJS

June 17, 2012 Added by:Rob Fuller

PhantomJS is sweet for sweeping a ton of IPs and suspected HTTP/S sites, and look through a gallery of them to start figuring out which looks the most interesting… and we are going to essentially just that, except from a Victim machine...

Comments  (0)


Filling in some Blanks on Network Segmentation Faults

April 18, 2012 Added by:Jack Daniel

A couple of thoughts on the segmentation-for-security concept are worth elaboration: grouping by OS makes sense from a management perspective, but if you do that it won’t stop the aforementioned Bad Things from running wild, so consider how best to segment for your situation...

Comments  (0)


Starting to Clean Up the Mess from PCAnywhere

February 09, 2012 Added by:Damion Waltermeyer

I realized not everyone was even sure how to go about starting to clean up from the PCAnywhere exploit. To start, I am going to share with you my method for finding machines that are potentially open to this exploit...

Comments  (3)


ICS-CERT: Brute Force and SSH Scanning Attacks

February 06, 2012 Added by:Headlines

ICS-CERT is aware that systems that provide SSH command line access are common targets for “brute force” attacks. As recently as this week, ICS-CERT received a report from an electric utility experiencing unsuccessful brute force activity against their networks...

Comments  (0)


Want Rapid Feedback? Try a Web Application Security Scan

December 27, 2011 Added by:Brent Huston

While this service finds a number of issues and potential holes, we caution against using it in place of a full application assessment or penetration test if the web application in question processes critical or highly sensitive information...

Comments  (0)


Scanning Applications Faster - A Chicken vs. Egg Problem

October 09, 2011 Added by:Rafal Los

We need to shift the security culture from "find bugs" to "fix bugs" or else we're in deep, deep trouble. Don't get me wrong, once the software industry has figured out how to write secure software by design, then we can worry about demanding bigger, better, faster scanning automation...

Comments  (0)


Strutting and Fretting Upon the Security Stage: The Playing Field

September 22, 2011 Added by:Infosec Island Admin

There are too many ways that a company can open itself up to vulnerabilities. It takes a rounded approach to do the due diligence for that company’s security posture. The information security business has become a leviathan of competing entities from the quacks to the bleeding edge...

Comments  (1)


IPv6: The End of Security As We Know It

September 21, 2011 Added by:Craig S Wright

People have seen IPv6 as a simple addressing extension to the existing internet and see few changes to the way we secure systems. These people cannot be further from the truth. IPv6 will change the way we think about security. We need to start planning now or we will be left in the dust...

Comments  (0)


Simple Network Security Monitoring Tools

September 14, 2011 Added by:Dan Dieterle

You can then drill down from high level topics like Destination Country to recreations of the actual data sent in a few clicks. You can look at the information transferred including scripts, programs, pictures and videos. You can also search the entire data collected for specific identifiers...

Comments  (0)


Guide: A Vulnerability Management Buyer's Checklist

September 07, 2011 Added by:Sasha Nunke

Without proven, automated technology for precise detection and remediation, no network can withstand the daily onslaught of new vulnerabilities. Qualys provides this free 12-point guide that will help you determine what will work best for your organization...

Comments  (0)


Establishing Vulnerability Management Programs

May 19, 2011 Added by:Drayton Graham

In the ever changing world of new vulnerabilities and associated threats, it is essential that an inventory is kept of the external systems, associated ports, services, and applications. If any one of these is unknown, or insecure, then the associated Risk Level changes...

Comments  (0)


PCI SSC Updates the ASV Training Program

April 05, 2011 Added by:PCI Guru

The ASV training program has blindsided the ASV community as it was a total surprise. Yes, there has been talk over the years at the Community Meetings and in other venues regarding ASV qualifications and training, but nothing ever seemed to come from those discussions...

Comments  (0)


Web Application Security for Dummies

March 09, 2011 Added by:Sasha Nunke

Web application security may seem like a complex, daunting task. This book is a quick guide to understanding how to make your website secure. It surveys the best steps for establishing a regular program to quickly find vulnerabilities in your site with a web application scanner...

Comments  (0)


Infosec Insights: Getting Indexed via Twitter – Good and Bad

March 02, 2011 Added by:Brent Huston

Clearly, search engines aren’t the only types of automated applications watching the Twitter stream. My guess is that scanning engines watch it too, to some extent, and queue up hosts in a similar manner. Just like all things, there are good and bad nuances to the tweet to get indexed approach...

Comments  (0)


The “Magic” Vulnerability – Revised

February 16, 2011 Added by:PCI Guru

You have options to avoid a failing vulnerability scan because of an unsupported OS. The best method, and the one I most recommend, is do not use unsupported operating systems in the first place. However, as a former CIO, I do understand the real world and the issues IT departments face...

Comments  (2)

Page « < 1 - 2 > »