Kenna Security: Connectors and REST API

In the last post about Kenna Security cloud service I mentioned their main features for analyzing data from different vulnerability scanners. Now let’s see how to import Tenable Nessus scan results in Kenna. Here you can see the list of connectors for all supported products:

Kenna connectors

Three connectors for Nessus are available:

  • Nessus Importer retrieves existing scan results from your Nessus server.
  • Nessus Scanner can schedule scans on your Nessus server.
  • Nessus XML imports xml (.Nessus2) files.

First two connectors work with Nessus server directly. And they probably won’t work anymore with Nessus Professional 7, because of API removing (see “New Nessus 7 Professional and the end of cost-effective Vulnerability Management (as we knew it)“). If Nessus server is deployed on-premise you should use special Kenna Virtual Tunnel.

Last “Nessus XML” connector is the most flexible. No matter how you got your scan results, it will be possible to import them to Kenna. See how to get XML reports from from Nessus server in a post “Retrieving scan results through Nessus API“.  You can upload XML scan results using Kenna web GUI (not very efficient way, but for testing – why not?) or REST API.

To use Kenna REST API you will need an Application Token. Go to the the Settings menu -> Applications:

Kenna settings

Continue reading

Nessus Manager disappeared and Tenable.io On-Prem was announced

If you open Tenable Products page right now you will not see Nessus Manager there anymore.  Nessus Manager page “The Power of Nessus for Teams” was also deleted.

Tenable products

However, it is still mentioned in the product comparison. Agent-Based Scanning in SecurityCenter and SecurityCenter Continuous View “* Requires Tenable.io Vulnerability Management or Nessus Manager for agent management.”

Continue reading

Making simple Nmap SPA web GUI with Apache, AngularJS and Python Twisted

The last time I was developing dynamic web applications years ago. I used CGI and PHP back then. 🙂 Now I am really interested in a modern approach, when you have a Single Page Web Application (SPA) written in HTML and JavaScript, that makes http requests to some external API.

It’s pretty cool, because your application becomes API-centric naturally. You work on human interface and improve integration capabilities at the same time. And the task of securing your web app mostly reduces to securing your formalized API.

nmap SPA GUI

The very best way to learn something new is to write a post about this stuff. 😉 Here I will reproduce my own steps of making a very basic web app:

  1. Launch Apache web-server with http/https.
  2. Make a simple API service: Nmap wrapper.
  3. Make a web-application with “multipage” experience. There should be at least two pages: Scan and About.
  4. On Scan page it will be possible to input a target (hostname or IP), scan arguments and  launch scan by clicking on the button. The same behavior will be if the target will be passed as a parameter in address bar.
  5. On other pages should be some static text.

As you can see, it is a very limited task, but it should clear up the most confusing parts of the process.

Continue reading

Vulners Web Vulnerability Scanner plugin for Google Chrome v. 2.0

Vulners Team released today the second version of their Web Vulnerability Scanning plugin for Google Chrome browser. You can read my description of the version 1.0 at “Vulners.com vulnerability detection plugins for Burp Suite and Google Chrome“.

Vulners web vulnerability scanner v.2.0

Killing feature of Vulners web scanner v. 2.0 is that you can now see all vulnerabilities on all scanned sites in a single window. You don’t need to checks all Google Chrome tabs manually.

Moreover, if some sites make request to other servers, for example googleapis.com, these servers will be checked automatically.

The plugin was fully refactored and now it is React driven. It works faster, analysis more data sources and detects vulnerabilities more accurately.

Continue reading

Kenna Security: Analyzing Vulnerability Scan data

I’ve been following Kenna Security (before 2015 Risk I/O) for a pretty long time. Mainly, because they do the things I do on a daily basis: analyse various vulnerability scan results and feeds, and prioritize detected vulnerabilities for further mitigation. The only difference is that my scripts and reports are highly specific for my employer’s infrastructure and needs. And guys from Kenna team make a standardized scalable cloud solution that should be suitable for everyone.

I think their niche is really great. They do not compete directly with Vulnerability Management vendors. They can be partners with any of them, bringing additional features to the customers. Perfect win-win combination. That’s why Kenna speakers regularly participate in joint webinars with VM vendors.

I couldn’t lose a great opportunity to see Kenna Security service in action. 😉

In this post I will try to make a very brief review of Kenna functionality and formulate pros and cons of the solution.

When you submit trial request at https://www.eu.kennasecurity.com/signup (or https://app.kennasecurity.com/signup if you are not in Europe) you will get a link to your company account:

https://corporation.eu.kennasecurity.com/

The login screen will look like this:

Kenna login

Continue reading