Tag Archives: WAS

Outpost24 Appsec Scale for Web Application Scanning

Today I would like to write about yet another Outpost24 product – cloud Web Application Scanner Appsec Scale.

Outpost24 Appsec Scale scan results

It is available in the same interface as Outpost24 Outscan, that I reviewed earlier. Select APPSEC SCALE in the start menu and you can scan web applications:

Outpost24 Appsec Scale

Continue reading

My short review of “IDC Worldwide Security and Vulnerability Management Market Shares 2016”

On February 12 IDC published new report about Security and Vulnerability Management market. You can buy it on the official website for $4500. Or you can simply download free extract on Qualys website (Thanks, Qualys!). I’ve read it and now I want to share my impressions.

IDC Worldwide Security and Vulnerability Management Market Shares 2016

I think it’s better start reading this report from the end, from “MARKET DEFINITION” section. First of all, IDC believe that there is a “Security and Vulnerability Management” (SVM) market. It consists of two separate “symbiotic markets”: security management and vulnerability assessment (VA).

Continue reading

Vulners Web Vulnerability Scanner plugin for Google Chrome v. 2.0

Vulners Team released today the second version of their Web Vulnerability Scanning plugin for Google Chrome browser. You can read my description of the version 1.0 at “Vulners.com vulnerability detection plugins for Burp Suite and Google Chrome“.

Vulners web vulnerability scanner v.2.0

Killing feature of Vulners web scanner v. 2.0 is that you can now see all vulnerabilities on all scanned sites in a single window. You don’t need to checks all Google Chrome tabs manually.

Moreover, if some sites make request to other servers, for example googleapis.com, these servers will be checked automatically.

The plugin was fully refactored and now it is React driven. It works faster, analysis more data sources and detects vulnerabilities more accurately.

Continue reading

ZeroNights 2017: back to the cyber 80s

Last Friday, 17th of November, I attended the ZeroNights 2017 conference in Moscow. And it was pretty awesome. Thanks to the organizers! Here I would like to share some of my impressions.

my photo ZeroNights 2017

First of all, I want to say that two main Moscow events for information security practitioners, PHDays and ZeroNights, provide an excellent opportunity to meet all of the colleagues at once and to synchronize current views on important information security issues, including, of course, Vulnerability Management, the most relevant for me. My opinion is that this year’s behind-the-scene conversations were especially good. And this is the most valuable characteristic for the event.

Every ZeroNights event has it’s own style. This time it was some geeky cyber retro from 1980s, like in popular cult movie Kung Fury. The place was also changed from familiar Cosmos Hotel  to ZIL Culture Centre. It is the largest Palace of Culture from the Soviet Moscow times. The combination of US 80s cultural artifacts, RETROWAVE music with Soviet-style interiors (including, for example, statue of Lenin) made a pretty weird combination, but I liked it =)

I was unintentionally taking photos using some strange mode in camera and recorded a very short video fragment (3-5 seconds) for each photo. I decided to combine this fragments in a small video. This does not make much sense, but, perhaps, someone will find this “time-lapse” interesting 😉

Among the great presentations and workshops, there were also a small exhibition. This year there was two Vulnerability Management vendors: Beyond Security and Qualys.

Continue reading

Sending and receiving emails automatically in Python

There are different situations, when you may want to process email messages automatically. I will give some examples related to Vulnerability Management:

  • Send a message to your colleagues that you are going to start a network  vulnerability  scan or WAS scan. It is much better than investigating performance problems in a hurry.
  • Send the results of vulnerability scanning to colleagues or a responsible employee. Many patch management and configuration issues can be delegated to the end user directly without bothering IT department.
  • Process the response (if any) on your message. If it is not, you can send another message or escalate the problem.
  • Send a report with the current security status in the organization to your colleagues and boss.
  • Some systems you can integrate by email only. They will send messages to some email address and you will process them automatically.
  • Maybe you do not like existing email clients and you want to write your own? 😉

Gmail Python IMAP SMTP

In any case, the ability to send e-mails can be very useful. How to do this in python? Let’s assume that your IT team has granted you access to smtp and imap servers.

Continue reading