Tag Archives: NIST

New National Vulnerability Database visualizations and feeds

Recently, the National Institute of Standards and Technology (NIST) introduced a new version of the National Vulnerability Database (NVD) website.

NIST NVD new site

I can't say that I liked this redesign:

new NVD website

IMHO, the old website with the US flag was much prettier and more useful:

old NVD website

But I really do like the fact that the site is evolving. Let's see what's new there.


.audit-based Compliance Management in Nessus

In this post I will briefly describe how Nessus .audit-based Compliance Management works, why I like it, what could be improved, and why I suppose Tenable won't do it any time soon. 😉

Nessus compliance checks are mainly shipped in the form of special .audit scripts. This scripting language is very different from the more familiar NASL (Nessus Attack Scripting Language).

Basically, an .audit file is a collection of universal checks for various objects (e.g. the existence of a line or parameter in a file, the access permissions of a file, the status of a service, etc.). Of course, nowadays Compliance Management is not only about Operating System and software (mis)configuration; we have network devices, databases, cloud services, etc. But originally that was the main use case.

By combining these universal checks, any requirement of a low-level configuration standard (CIS benchmarks, DISA STIGs, etc.) can be implemented. Similar principles are used in OVAL/SCAP content.
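As an added illustration of how such universal checks compose into the requirements of a configuration standard, here is a toy check engine of my own. It is not Tenable's .audit syntax or engine: the two check types only mimic the idea of a "does this line exist with this value" check and a "file permission mask" check, and the check names, the sample sshd_config and the expected values are all constructed for the demo.

```python
"""Toy compliance engine: two "universal" checks of the kind that
.audit-style content is built from, combined into a small policy.
Added illustration, not Tenable's .audit syntax or engine."""
import os
import re
import stat
import tempfile
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class Result:
    name: str
    passed: bool
    detail: str


def file_content_check(name: str, path: str, regex: str, expect: str) -> Result:
    """Line-in-file check: `regex` selects the relevant line (first match
    wins, so anchor it with ^ to skip commented-out lines) and `expect` must
    match that line for the check to pass. A missing file or a missing
    directive is a FAIL, not an error: the setting is simply not enforced."""
    if not os.path.isfile(path):
        return Result(name, False, f"{path} does not exist")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            if re.search(regex, line):
                passed = re.search(expect, line) is not None
                return Result(name, passed, f"{path}:{lineno}: {line.rstrip()}")
    return Result(name, False, f"no line matching {regex!r} in {path}")


def file_mode_check(name: str, path: str, max_mode: int) -> Result:
    """Permission-mask check: pass if no permission bit is set beyond those
    allowed by `max_mode` (e.g. 0o600 means owner rw and nothing else)."""
    if not os.path.exists(path):
        return Result(name, False, f"{path} does not exist")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    extra = mode & ~max_mode  # bits present in the file but not allowed
    return Result(name, extra == 0,
                  f"{path} mode {mode:04o}, allowed {max_mode:04o}, extra bits {extra:04o}")


def run_policy(checks: List[Callable[[], Result]]) -> List[Result]:
    """Evaluate every check; each one is an independent requirement."""
    return [check() for check in checks]


def sample_config(directory: str) -> str:
    """Write a constructed sshd_config for the demo (not a real host file)."""
    path = os.path.join(directory, "sshd_config")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("# PermitRootLogin no   <- commented out, must be ignored\n"
                 "PermitRootLogin yes\n"
                 "Protocol 2\n"
                 "X11Forwarding no\n")
    os.chmod(path, 0o644)
    return path


def demo() -> Dict[str, bool]:
    """Run a four-requirement policy against the sample file; return name -> passed."""
    with tempfile.TemporaryDirectory() as tmp:
        cfg = sample_config(tmp)
        policy = [
            lambda: file_content_check("root login disabled", cfg,
                                       r"^\s*PermitRootLogin\s", r"^\s*PermitRootLogin\s+no\b"),
            lambda: file_content_check("SSH protocol 2 only", cfg,
                                       r"^\s*Protocol\s", r"^\s*Protocol\s+2\s*$"),
            lambda: file_content_check("MaxAuthTries set to 4 or less", cfg,
                                       r"^\s*MaxAuthTries\s", r"^\s*MaxAuthTries\s+[1-4]\s*$"),
            lambda: file_mode_check("sshd_config not group/world-writable", cfg, 0o644),
        ]
        results = run_policy(policy)
        for r in results:
            print(f"[{'PASS' if r.passed else 'FAIL'}] {r.name}: {r.detail}")
        return {r.name: r.passed for r in results}


if __name__ == "__main__":
    demo()
```

Two details matter in practice and are easy to get wrong in hand-written content: the selecting regex is anchored so the commented-out `# PermitRootLogin no` line is not mistaken for the active setting, and an absent directive (`MaxAuthTries` here) is reported as a failure rather than skipped, because an unset value means the default applies, not the hardened value.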


Testing Secpod Saner Personal vulnerability scanner

SecPod Technologies is an information security products company located in Bangalore, India. They are also known as a top OVAL contributor and an NVT vendor for OpenVAS. Besides the products designed for big enterprises (the vulnerability scanner Saner Business and the threat intelligence platform Ancor), they also have a vulnerability and compliance management solution for personal use: Saner Personal. "Personal" means that this scanner scans only localhost. It's free, SCAP-compatible, and it has remediation capabilities. And it works. =)

Secpod Saner Personal scanning results


Hello!

Hello! Thanks for visiting my website! Glad to see you here.

I have been working in information security since 2009, specializing in Vulnerability Management, Compliance Management, custom security automation and metrics. You can read more about my career path on LinkedIn.

All my Open Source projects are on GitHub. I am currently focusing mainly on my vulnerability prioritization tool Vulristics (read the posts about it).

I publish my posts in audio-video format as well. Here is my YouTube channel, and you can open this podcast feed URL in a podcast player (or try searching for "AVLEONOV Podcast").

My main messenger is Telegram, and I have several projects there:

  • @avleonovcom – main channel with all the stuff
  • @avleonovrus – my Russian-language channel, updated more often
  • @avleonovchat – our community; feel free to ask your questions there
  • @avleonovnews – channel with the latest security news; updates automatically


My email: me@avleonov.com