Qualys SSL Labs console client. Qualys SSL Labs is a free online service, which performs a deep analysis of web server SSL configuration and detects some common OpenSSL vulnerabilities either (e.g. Heartbleed).
This service has an API and official console client, that could be used to automate security assessment.
Remediation capabilities of Vulnerability Management products. Vulnerability scanning and vulnerability management. This terms are often used synonymously. However, most top security vendors and institutions, express an opinion, that vulnerability management is a more complex process that includes vulnerability scanning (vulnerability assessment in general), remediation and some other stages, like asset management and risk assessment.
Remediation in most cases, does not mean that the vulnerability management product automatically tries to patch vulnerable system, but rather provide functionality to control remediation process. In other words, it contains a built-in task tracker, where security administrators could assign tickets (manually or automatically) on system administrators to patch or reconfigure vulnerable systems. For example, such functionality is implemented in Tenable Security Center and Qualys Cloud Suite.
NB: In most cases, but there are exceptions, as ERPScan, Secpod Saner or ConfigOS. This solutions can actually update vulnerable systems automatically.
Federated-Style CVE. It seems like MITRE Corporation wants to cut the costs of security projects. Once again. They transfered OVAL Project to the Center for Internet Security. Now MITRE announced the launch of a “Federated-Style CVE ID”. The idea is to give oportunity for other authorities to issue CVE IDs in special format.
The federated ID syntax will be CVE-CCCIII-YYYY-NNNN…N, where “CCC” encodes the issuing authority’s country and “III” encodes the issuing authority. At its launch, MITRE will be the only issuing authority, but we expect to quickly add others to address the needs of the research and discloser communities, as well as the cybersecurity community as a whole. This new federated ID system will significantly enhance the early stage vulnerability mitigation coordination, and reduce the time lapse between request and issuance
An introduction to Rapid7 Nexpose API. Another nice thing about Nexpose is that this vulnerability scanner has an open API. And even free Nexpose Community Edition supports it.
It’s a really generous gift from Rapid7. That means that you can use Nexpose to scan your environment, easily manage it from your scripts and make any vulnerability assessment and remediation logic you need.
I haven’t found manuals about using Nexpose API to automate basic vulnerability management tasks and decided to write my own. Hope somebody will find it useful. All examples will be in form of curl requests.
Working with Nexpose API is nothing more than sending xml Post-requests to the https://[Nexpose Host]:3780/api/[API Version]/xml and receiving xml responses.
Continue reading
This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.