Author Archives: Alexander Leonov

About Alexander Leonov

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven't used Telegram yet, give it a try. It's great. You can discuss my posts or ask questions at @avleonovchat. А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.

VM Remediation using external task tracking systems

7 Replies

VM Remediation using external task tracking systems. In previous post I have briefly reviewed built-in remediation capabilities of vulnerability management systems. Continuing the theme, today I want to share some basic concepts how vulnerability remediation can be managed using external task tracking systems (Jira, TFS, Testrack, etc).

Jira Vulnerability Management ticket

Pros: it makes possible to implement any logic of remediation/patch management process.
Cons: you should make it by yourself; scripting skills and API knowledge required.

Tickets in buit-in remediation systems are usually assigned per host or per vulnerability. However, for large size networks making “one vulnerability on one host – one ticket” quickly become impractical. With universal task trackers we can do it in a different ways. I find it most convenient to make tickets on principle “one category of vulnerabilities, one ip range, one scanning iteration – one ticket”.
Continue reading

Improved interface of new Nessus Cloud v. 6.6

9 Replies

Improved interface of new Nessus Cloud v. 6.6. Tenable just released new version of Nessus. Most changes was made in cloud-based version of their popular scanner – Nessus Cloud. Official screenshots are not available yet, so I made couple of them from the tutorial video. If you’re a current Tenable customer, you can log in to the Tenable Support Portal, click the Training Videos link and watch “Workflow changes in Nessus Cloud 6.6” by yourself.

The most interesting change, in my opinion – the new dashboards. Where you’d normally seen a list of scan jobs, you’ll see a new dashboard, that will give you a quick overview of scan results:

  • Changes in number of critical, high, medium and low vulnerabilities detected in the system
  • Part of the vulnerabilities that are exploitable, older than 30 days, detected with authenticated scan and has a remediation recommendations
  • Top vulnerability detection plugins

Nessus Cloud Dashboards

Scan results moved to the separate “Scans” tab. And on the same tab we see the “Resources”: Policies, Asset Lists, Exclusions, Scanners and Agents.

Nessus Cloud Scans

Continue reading

Qualys SSL Labs console client

5 Replies

Qualys SSL Labs console client. Qualys SSL Labs is a free online service, which performs a deep analysis of web server SSL configuration and detects some common OpenSSL vulnerabilities either (e.g. Heartbleed).

Qualys SSL Lab Report

This service has an API and official console client, that could be used to automate security assessment.

Qualys SSL Labs official console client ssllabs-scan

Continue reading

Remediation capabilities of Vulnerability Management products

3 Replies

Remediation capabilities of Vulnerability Management products. Vulnerability scanning and vulnerability management. This terms are often used synonymously. However, most top security vendors and institutions, express an opinion, that vulnerability management is a more complex process that includes vulnerability scanning (vulnerability assessment in general), remediation and some other stages, like asset management and risk assessment.

Vulnerability Management Lifecycle

Remediation in most cases, does not mean that the vulnerability management product automatically tries to patch vulnerable system, but rather provide functionality to control remediation process. In other words, it contains a built-in task tracker, where security administrators could assign tickets (manually or automatically) on system administrators to patch or reconfigure vulnerable systems. For example, such functionality is implemented in Tenable Security Center and Qualys Cloud Suite.

NB: In most cases, but there are exceptions, as ERPScan, Secpod Saner or ConfigOS. This solutions can actually update vulnerable systems automatically.

Continue reading

Federated-Style CVE

1 Reply

Federated-Style CVE. It seems like MITRE Corporation wants to cut the costs of security projects. Once again. They transfered OVAL Project to the Center for Internet Security. Now MITRE announced the launch of a “Federated-Style CVE ID”. The idea is to give oportunity for other authorities to issue CVE IDs in special format.

cve

The federated ID syntax will be CVE-CCCIII-YYYY-NNNN…N, where “CCC” encodes the issuing authority’s country and “III” encodes the issuing authority. At its launch, MITRE will be the only issuing authority, but we expect to quickly add others to address the needs of the research and discloser communities, as well as the cybersecurity community as a whole. This new federated ID system will significantly enhance the early stage vulnerability mitigation coordination, and reduce the time lapse between request and issuance

Continue reading

ERPScan SAP security scanner

8 Replies

ERPScan SAP security scanner. ERPScan compliance scan results

I had a chance to see presentation and live demo of ERPScan – automated SAP scanning solution, and it made quite an impression on me. ERPScan has interesting scanning features. The most spectacular, in my opinion, is ability to run exploits for found vulnerabilities directly from the scanner.

Continue reading

Have you heard about vulners.com?

2 Replies

Have you heard about vulners.com? Vulners.com is a new search engine for security content.

Vulners.com searching engine

Guys from vulners.com collect vendor security bulletins, lists of vulnerabilities found by researchers,  content of open vulnerability and exploit databases, posts on hack forums and even detection rules from vulnerability scanners. They investigate dependencies among all this entities and provide fast and efficient searching interface. Moreover, you can even automate searching process with Vulners Search API. All for free!

Vulners.com 'Heartbleed' search results

You can read Russian translation of this post on seclab. I can also recommend a great article “Vulners.com, a Shodan of vulnerability data” by Denis Gorchakov.

Why might you need it? Continue reading