Monthly Archives: April 2016

Who will take the market share of McAfee Vulnerability Manager?

McAfee® Vulnerability Manager (MVM) End of Life

We are observing an interesting case now. Short time ago, Intel Security have finally killed their McAfee® Vulnerability Manager (MVM) / FoundStone product and mutually with Rapid7 presented “Nexpose‬ Migration Toolkit”.

MVM to Nexpose migration

The Migration Toolkit contains Deployment and Migration related documentation that outlines the migration path, as well as a proprietary utility to easily migrate several key components of the customers MVM deployment into Nexpose.

Continue reading

High-Tech Bridge service and API for SSL/TLS server testing

Another great free SSL security testing service — High-Tech Bridge SSL Server Test (and Free API). I have already reviewed something quite familiar – Qualys SSL Labs client. So naturally there will be an element of comparison.

High-Tech Bridge SSL/TLS test request

Why have I tried something else after Qualys SSL Labs? The thing is Qualys doesn’t support IP addresses as a target. Maybe they don’t want it to be used for assessing full IP-ranges. I don’t know. But the fact is “IP addresses are not allowed”.

Continue reading

Vulners.com search API

Upd. Vulners released updated Vulners API. What is written below is still working. But now it’s all this can be done much easier.

The greatest thing is “references=true”. It makes possible to get all the referenced objects (exploits, detection plugins, etc.) and bulletin description in ONE search request.

So, for example bellow this query will be enough: https://vulners.com/api/v3/search/lucene/?query=cvss.score:10%20type:centos%20order:published&references=true

Life is getting better! 😉

In a previous post I made a brief review of Vulners.com security content database and search engine. Today let’s see how to automate searching of vulnerabilities, exploits, patches, bugbounty results, etc, with vulners.com search API.

Vulners Search API

It is really easy. We just need to send POST-request to https://vulners.com/api/v1/luceneSearch/ with JSON structure containing search query, size of results you want to get (10000 is maximum), and number of search result entities you would like to skip (optional). Huge size parameter limit makes possible, for example, getting all 2267 CentOS security bulletins with only one request. At the moment, no authorization is required to make requests and no limits for API use exist. Of course, the service is in active development phase and this functionality may be changed soon.

So, let’s get latest CentOS bulletin with most critical vulnerability:

curl -H "Content-Type: application/json" -X POST -d '{"query":"cvss.score:10 type:centos order:published", "size":1}' https://vulners.com/api/v1/luceneSearch/ | python -m json.tool
Continue reading

VM Remediation using external task tracking systems

In previous post I have briefly reviewed built-in remediation capabilities of vulnerability management systems. Continuing the theme, today I want to share some basic concepts how vulnerability remediation can be managed using external task tracking systems (Jira, TFS, Testrack, etc).

Jira Vulnerability Management ticket

Pros: it makes possible to implement any logic of remediation/patch management process.
Cons: you should make it by yourself; scripting skills and API knowledge required.

Tickets in buit-in remediation systems are usually assigned per host or per vulnerability. However, for large size networks making “one vulnerability on one host – one ticket” quickly become impractical. With universal task trackers we can do it in a different ways. I find it most convenient to make tickets on principle “one category of vulnerabilities, one ip range, one scanning iteration – one ticket”.
Continue reading

Improved interface of new Nessus Cloud v. 6.6

Tenable just released new version of Nessus. Most changes was made in cloud-based version of their popular scanner – Nessus Cloud. Official screenshots are not available yet, so I made couple of them from the tutorial video. If you’re a current Tenable customer, you can log in to the Tenable Support Portal, click the Training Videos link and watch “Workflow changes in Nessus Cloud 6.6” by yourself.

The most interesting change, in my opinion – the new dashboards. Where you’d normally seen a list of scan jobs, you’ll see a new dashboard, that will give you a quick overview of scan results:

  • Changes in number of critical, high, medium and low vulnerabilities detected in the system
  • Part of the vulnerabilities that are exploitable, older than 30 days, detected with authenticated scan and has a remediation recommendations
  • Top vulnerability detection plugins

Nessus Cloud Dashboards

Scan results moved to the separate “Scans” tab. And on the same tab we see the “Resources”: Policies, Asset Lists, Exclusions, Scanners and Agents.

Nessus Cloud Scans

Continue reading