jetlib.sec » Tags » vulnerability-assessment

Feeds

133445 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

48 items tagged "vulnerability assessment"

Related tags: video [+], black hat [+], frank breedijk [+], assessment data [+], web application [+], shah tags [+], security [+], nmap [+], dimva [+], audio [+], web scanner [+], web authors [+], usa [+], the netherlands [+], saumil shah [+], portable [+], penetration [+], multi boot [+], metasploit [+], katana [+], eighth international conference [+], conference [+], boot security [+], authors [+], amsterdam the netherlands [+], amsterdam [+], workshops [+], whitepaper [+], web assessment [+], warszawa [+], vulnerability scanner [+], vulnerability assessments [+], value [+], testing [+], security tools [+], scripting language [+], realize [+], read [+], pen [+], paper [+], nse [+], millier [+], mastering [+], marc ruef [+], http [+], hat europe [+], fyodor tags [+], fifield [+], europe [+], david fifield [+], dave millier [+], assessment techniques [+], apps [+], xprobe [+], web server application [+], water [+], vulnerability research [+], txt [+], turn [+], toolbox [+], test reports [+], tags [+], tables turn [+], tables [+], slides [+], server [+], security assessments [+], seccubus [+], scripting [+], scanning [+], scanners [+], run [+], richard johnson tags [+], revolutions [+], renaud deraison [+], rant [+], proof solution [+], project authors [+], project [+], process [+], practical [+], post [+], penetration tests [+], open source tools [+], next [+], nessus project [+], nessus [+], multi [+], michael schearer [+], management [+], make [+], louis [+], larry [+], john andreadis [+], jeremiah grossman [+], iviz [+], intrusions [+], hacking [+], grossman [+], grade quality [+], generation [+], foregone conclusion [+], flash developers [+], flash [+], fire water [+], fire [+], fingerprinting [+], federal [+], erp [+], environment [+], enterprise vulnerability [+], dont see [+], don [+], discovery exploration [+], detection [+], defeating [+], day [+], database [+], corporate environment [+], corporate [+], conventional solutions [+], chris hurley tags [+], chris hurley [+], cfp [+], cannot [+], bug [+], bizploit [+], autonessus [+], automated [+], assessments [+], assessment web [+], asia [+], arkin tags [+], application [+], andreadis [+], alex [+], advanced [+], Tools [+], Countermeasures [+], vulnerability [+], assessment [+], web [+]

• January 24, 2012
• 21:50

  [Slides] Scanning Applications 2.0 - Next Generation Scan, Attacks and Tools

   » ‎ SecDocs
  Authors: Sheeraj Shah
  Tags: web application vulnerability assessment
  Event: Black Hat DC 2008
  

  Tags:  generation scanning next shah-tags vulnerability-assessment black-hat web-application  

• December 29, 2011
• 21:53

  [Slides] Defeating Automated Web Assessment Tools

   » ‎ SecDocs
  Authors: Saumil Shah
  Tags: web application vulnerability assessment
  Event: Black Hat EU 2005
  

  Tags:  defeating web assessment shah-tags saumil-shah vulnerability-assessment web-assessment  

• 21:53

  [Slides] Revolutions in Web Server/Application Assessments

   » ‎ SecDocs
  Tags: vulnerability assessment web server
  Event: Black Hat EU 2005
  

  Tags:  server web revolutions web-server-application vulnerability-assessment assessment-web  

• December 11, 2011
• 21:43

  [Slides] When the Tables Turn

   » ‎ SecDocs
  Tags: vulnerability assessment
  Event: Black Hat EU 2004
  

  Tags:  tables turn tags vulnerability-assessment tables-turn black-hat  

• November 15, 2011
• 21:42

  [Slides] JD's Toolbox: Fire & Water

   » ‎ SecDocs
  Tags: web application vulnerability assessment
  Event: Black Hat USA 2002
  

  Tags:  water toolbox fire usa vulnerability-assessment black-hat fire-water  

• November 06, 2011
• 21:29

  [Slides] Web Assessment Tools

   » ‎ SecDocs
  Tags: web application vulnerability assessment
  Event: Black Hat Asia 2001
  

  Tags:  Tools web assessment asia vulnerability-assessment web-assessment black-hat  

• November 04, 2011
• 22:51

  [Slides] The Nessus Project

   » ‎ SecDocs
  Authors: Renaud Deraison
  Tags: vulnerability assessment
  Event: Black Hat USA 2001
  

  Tags:  authors project nessus renaud-deraison usa vulnerability-assessment project-authors nessus-project  

• October 19, 2011
• 23:54

  [Slides] HTTP: Advanced Assessment Techniques

   » ‎ SecDocs
  Authors: Saumil Shah
  Tags: web application vulnerability assessment
  Event: Black Hat Windows Security 2003
  

  Tags:  http advanced assessment shah-tags saumil-shah vulnerability-assessment assessment-techniques  

• October 05, 2011
• 5:14

  [Slides] HTTP Fingerprinting and Advanced Assessment Techniques

   » ‎ SecDocs
  Authors: Saumil Shah
  Tags: web application vulnerability assessment fingerprinting
  Event: Black Hat Federal 2003
  

  Tags:  http fingerprinting assessment shah-tags saumil-shah vulnerability-assessment assessment-techniques  

• October 03, 2011
• 14:10

  [Slides] Practical Vulnerability Assessments in a Distributed Federal Environment

   » ‎ SecDocs
  Authors: Chris Hurley
  Tags: vulnerability assessment
  Event: Black Hat Federal 2003
  

  Tags:  vulnerability federal practical chris-hurley-tags chris-hurley vulnerability-assessments vulnerability-assessment  

• October 02, 2011
• 23:20

  [Slides] Using Xprobe2 in a Corporate Environment

   » ‎ SecDocs
  Authors: Ofir Arkin
  Tags: vulnerability assessment fingerprinting scanning
  Event: Black Hat Federal 2003
  

  Tags:  xprobe environment corporate arkin-tags vulnerability-assessment corporate-environment black-hat  

• 1:52

  [Slides] The Challenges of Automated Web Application Scanning

   » ‎ SecDocs
  Authors: Jeremiah Grossman
  Tags: web application vulnerability assessment scanning
  Event: Black Hat Federal 2003
  

  Tags:  automated application web jeremiah-grossman vulnerability-assessment black-hat grossman  

• September 10, 2011
• 0:28

  [Paper] Harder, Better, Faster, Stronger: Semi-Auto Vulnerability Research

   » ‎ SecDocs
  Authors: Lurene Grenier Richard Johnson
  Tags: vulnerability assessment bug hunting fuzzing
  Event: Black Hat USA 2010
  Abstract: Much work has been presented in the past few years concerning bug discovery through fuzzing. Everything from the feasibility of exhaustive generation fuzzing, to the continued productivity of simple mutation fuzzing has been covered. This talk will assume finding bugs is a foregone conclusion, and instead discuss the pre and post fuzzing process necessary to efficiently analyze vulnerabilities for a given program to the stage where exploitability has a high confidence, and exploitation can be handed off or undertaken in house. This process will be driven by intelligent, analyst driven automation, with a focus on the continued production of exploitable bugs with a minimum of wasted effort.

  Tags:  vulnerability bug process richard-johnson-tags usa vulnerability-research vulnerability-assessment foregone-conclusion  

• August 31, 2011
• 5:43

  [Video] Nmap NSE Hacking for IT Security Professionals

   » ‎ SecDocs
  Authors: Marc Ruef
  Tags: vulnerability assessment scanning
  Event: Hashdays 2010
  Abstract: Nmap is without doubt one of the most important tools in security testing. Initially developed as portscanner, the introduction of NSE (Nmap Scripting Language) enhanced the software heavily. NSE scripts allow to create additional tests, which may provide the functionality of a vulnerability scanner. Basic data collected by nmap and additional network requests can be used to determine software products and security flaws. The talk is discussing the possibilities of NSE scripting, the improvement of professional scanning (with a customer-based example) and current development in the field of NSE programming (my httprecon-nse port and vulscan module). Administrators and auditors will see the their benefits of automated testing.

  Tags:  nse nmap security marc-ruef vulnerability-scanner vulnerability-assessment scripting-language  

• 5:43

  [Slides] Nmap NSE Hacking for IT Security Professionals

   » ‎ SecDocs
  Authors: Marc Ruef
  Tags: vulnerability assessment scanning
  Event: Hashdays 2010
  Abstract: Nmap is without doubt one of the most important tools in security testing. Initially developed as portscanner, the introduction of NSE (Nmap Scripting Language) enhanced the software heavily. NSE scripts allow to create additional tests, which may provide the functionality of a vulnerability scanner. Basic data collected by nmap and additional network requests can be used to determine software products and security flaws. The talk is discussing the possibilities of NSE scripting, the improvement of professional scanning (with a customer-based example) and current development in the field of NSE programming (my httprecon-nse port and vulscan module). Administrators and auditors will see the their benefits of automated testing.

  Tags:  nse nmap security marc-ruef vulnerability-scanner vulnerability-assessment scripting-language  

• July 27, 2011
• 1:42

  iViZ On Demand Penetration Testing

   » ‎ Darknet
  Introduction iViZ is the industry’s first company to position themselves as an on-demand penetration testing service for web applications. This is very different from the normal low cost vulnerability assessment services like Qualys, Hackersafe, Hackerguardian etc.  Unlike conventional solutions, iViZ delivers consultant-grade quality with...
  
  Read the full post at darknet.org.uk

  
  

  

  Tags:  testing penetration iviz read vulnerability-assessment conventional-solutions grade-quality Countermeasures  

• July 18, 2011
• 19:37

  What Is A Vulnerability Assessment?

   » ‎ Packet Storm Security Recent Files
  Whitepaper called What is a vulnerability assessment?

  Tags:  vulnerability whitepaper assessment vulnerability-assessment  

• 19:37

  What Is A Vulnerability Assessment?

   » ‎ Packet Storm Security Misc. Files
  Whitepaper called What is a vulnerability assessment?

  Tags:  vulnerability whitepaper assessment vulnerability-assessment  

• July 13, 2011
• 13:55

  [Paper] Make My Day – Just Run a Web Scanner: Countering The Faults of Typical Web Scanners Through Byte-code Injection

   » ‎ SecDocs
  Authors: Toshinari Kureha
  Tags: web application vulnerability assessment scanning
  Event: Black Hat Europe 2007
  

  Tags:  make web paper europe web-scanner hat-europe vulnerability-assessment  

• 13:54

  [Slides] Make My Day – Just Run a Web Scanner: Countering The Faults of Typical Web Scanners Through Byte-code Injection

   » ‎ SecDocs
  Authors: Toshinari Kureha
  Tags: web application vulnerability assessment scanning
  Event: Black Hat Europe 2007
  

  Tags:  run day web europe web-scanner hat-europe vulnerability-assessment  

• April 15, 2011
• 19:14

  Data Driven Pentests...Don't You mean Vulnerability Assessments?

   » ‎ Carnal0wnage

  So first a disclaimer, i didnt listen to the referenced podcast, this is based solely of this blog post:
  http://newschoolsecurity.com/2011/04/data-driven-pen-tests
  

  So I’m listening to the “Larry, Larry, Larry” episode of the Risk Hose podcast, and Alex is talking about data-driven pen tests. I want to posit that pen tests are already empirical. Pen testers know what techniques work for them, and start with those techniques.

  What we could use are data-driven pen test reports. “We tried X, which works in 78% of attempts, and it failed.”

  We could also use more shared data about what tests tend to work.

  Thoughts?

  Dre's response to the post was surprising to me, he listed a bunch of tools that seem to do correlating of pentest results into a portal so you can trend over time. Cool idea, i'll give the people that. But to me when we start jumping into repeatable metrics driven stuff we are in Vulnerability Assessment land, not pentesting land.
  Here is the comment I left:

  I like the idea and i think it could be useful.

  However, they need to drop the pentest part. you are solidly into the vulnerability assessment part of things when you are talking about “ok, i tried 1,2,3,4,5 and 1 & 3 worked” ok on to the next set of tests… thats vulnerability assessment (with exploitation if you want to get technical) and not pentesting.

  pentesting is about that human looking at the problem and figuring out how to break it, not some scanner, thats going to be very hard to standardize and put hard numbers on and i dont think its going to be possible without tying up your tester’s time with bullshit.

  I'm all for "repeatable" pentests. You should have a methodology for each type of test, but when you are paying for human's time you should be paying for them to go after the site like a human would and not how a scanner would or not in a way where i'm worried about religiously following some checklist because if i don't the metrics get all fucked up. Your pentest should come after you have thrown the kitchen sink at it scanner wise.
  as an added bonus this post was right below the new school post in my Google reader:
  http://coding-insecurity.blogspot.com/2011/04/developing-good-methodology-part-3.html
  

  This post and really any methodology document you will ever read or write will have gaps, because no document on this subject can ever really be 100% all inclusive of every vulnerability and the myriad of variations that exist for many of these.

  
  I think it drives the point home as well.
  -CG

  Tags:  vulnerability post pen larry alex don vulnerability-assessments vulnerability-assessment test-reports rant  

• February 07, 2011
• 21:25

  [Video] Mastering the Nmap Scripting Engine

   » ‎ SecDocs
  Authors: David Fifield Fyodor
  Tags: vulnerability assessment scanning
  Event: DEFCON 18
  

  Tags:  video nmap mastering fyodor-tags david-fifield vulnerability-assessment fifield  

• 21:25

  [Slides] Mastering the Nmap Scripting Engine

   » ‎ SecDocs
  Authors: David Fifield Fyodor
  Tags: vulnerability assessment scanning
  Event: DEFCON 18
  

  Tags:  nmap scripting mastering fyodor-tags david-fifield vulnerability-assessment fifield  

• February 02, 2011
• 21:25

  [Video] Katana: Portable Multi-Boot Security Suite

   » ‎ SecDocs
  Authors: Jacco van Tuijl
  Tags: tools vulnerability assessment
  Event: DEFCON 18
  

  Tags:  video katana portable boot-security vulnerability-assessment multi-boot  

• February 01, 2011
• 21:25

  [Slides] Katana: Portable Multi-Boot Security Suite

   » ‎ SecDocs
  Authors: Jacco van Tuijl
  Tags: tools vulnerability assessment
  Event: DEFCON 18
  

  Tags:  katana portable multi boot-security vulnerability-assessment multi-boot  

• 21:25

  [Audio] Katana: Portable Multi-Boot Security Suite

   » ‎ SecDocs
  Authors: Jacco van Tuijl
  Tags: tools vulnerability assessment
  Event: DEFCON 18
  

  Tags:  audio katana portable boot-security vulnerability-assessment multi-boot  

• January 21, 2011
• 21:25

  [Video] Seccubus – Analyzing vulnerability assessment data the easy way...

   » ‎ SecDocs
  Authors: Frank Breedijk
  Tags: vulnerability assessment
  Event: DEFCON 18
  

  Tags:  video assessment vulnerability frank-breedijk vulnerability-assessment assessment-data  

• 21:25

  [Audio] Seccubus – Analyzing vulnerability assessment data the easy way...

   » ‎ SecDocs
  Authors: Frank Breedijk
  Tags: vulnerability assessment
  Event: DEFCON 18
  

  Tags:  assessment audio vulnerability frank-breedijk vulnerability-assessment assessment-data  

• January 20, 2011
• 21:25

  [Slides] Seccubus – Analyzing vulnerability assessment data the easy way...

   » ‎ SecDocs
  Authors: Frank Breedijk
  Tags: vulnerability assessment
  Event: DEFCON 18
  

  Tags:  assessment vulnerability seccubus frank-breedijk vulnerability-assessment assessment-data slides  

• 21:25

  [Paper] Seccubus – Analyzing vulnerability assessment data the easy way...

   » ‎ SecDocs
  Authors: Frank Breedijk
  Tags: vulnerability assessment
  Event: DEFCON 18
  

  Tags:  assessment vulnerability paper frank-breedijk vulnerability-assessment assessment-data  

• December 24, 2010
• 21:25

  [Slides] Web Scanners FOR THE WIN...

   » ‎ SecDocs
  Authors: Louis Nyffenegger
  Tags: web application vulnerability assessment
  Event: Ruxcon 2010
  Abstract: More and more organisations think an automatic web scanner can replace pentesters. Even if it may be true in some cases, I will demonstrate that most web scanners don't do a decent job and cannot be used to ensure that a website is secure. Most arguments against web scanners are based on the fact that these scanners cannot understand the business logic behind applications however, we will see that scanners are not even able to properly find vulnerabilities like SQL injections or command injection vulnerabilities. Based on commercial and open source tools, this presentation will take some examples of web vulnerabilities and go through each scanners results for good lulz.

  Tags:  cannot scanners web louis open-source-tools web-scanner vulnerability-assessment  

• December 22, 2010
• 21:25

  [Slides] Killing the Elephant in the Room - Enterprise Vulnerability Management Tactics

   » ‎ SecDocs
  Tags: vulnerability assessment vulnerability
  Event: Ruxcon 2010
  Abstract: Technical conferences often present new and innovative research concerning vulnerability assessment, exploitation and mitigation controls. New offensive and defensive techniques have been evolving for well over a decade. In parallel to this, targeted attacks and the zero-day black-market have created a powerful underground economy that threatens the world’s wealthiest enterprises. Unfortunately in all this madness, the fundamental practice of vulnerability management has been neglected. Large enterprises often have huge IT estates ripe with technicalities, politics, and organisational constraints. It would seem that relying purely on COTS solutions to manage vulnerabilities is deemed an easy way to tick a compliance box but is never a primary fool-proof solution for managing known vulnerabilities. The goal of this presentation is to shift the mindset for how large organizations address the challenges of vulnerability management. A walk-through on architecting and implementing custom vulnerability management technologies will be done - for each component, different options will be presented where possible plus discussion on both technological and process challenges. The presentation will demonstrate that logical analysis and innovation can significantly evolve a typical COTS approach and give a more realist perspective on this difficult domain.

  Tags:  assessment vulnerability management enterprise-vulnerability vulnerability-assessment proof-solution  

• December 17, 2010
• 21:25

  [Slides] Realize More Value From Your Existing security Tools

   » ‎ SecDocs
  Authors: Dave Millier
  Tags: vulnerability assessment compliance
  Event: SecTor 2010
  

  Tags:  security realize value dave-millier vulnerability-assessment millier security-tools  

• 21:25

  [Video] Realize More Value From Your Existing security Tools

   » ‎ SecDocs
  Authors: Dave Millier
  Tags: vulnerability assessment compliance
  Event: SecTor 2010
  

  Tags:  video realize value dave-millier vulnerability-assessment millier security-tools  

• December 12, 2010
• 2:54

  [Video] Do it yourself - Security Assessments made easy and FREE

   » ‎ SecDocs
  Authors: John Andreadis
  Tags: vulnerability assessment
  Event: SecTor 2010
  

  Tags:  video assessments security john-andreadis vulnerability-assessment andreadis security-assessments  

• December 06, 2010
• 14:19

  [Video] 400 Apps in 40 Days

   » ‎ SecDocs
  Authors: Nish Bhalla Sahba Kazerooni
  Tags: web application vulnerability assessment vulnerability
  Event: SecTor 2010
  

  Tags:  video vulnerability apps vulnerability-assessment web-application  

• 14:02

  [Slides] 400 Apps in 40 Days

   » ‎ SecDocs
  Authors: Nish Bhalla Sahba Kazerooni
  Tags: web application vulnerability assessment vulnerability
  Event: SecTor 2010
  

  Tags:  authors vulnerability apps vulnerability-assessment web-application  

• 13:52

  DIMVA 2011 Call For Workshops Proposals

   » ‎ Packet Storm Security Recent Files
  Call For Workshops Proposals for the Eighth International Conference on Detection of Intrusions and Malware and Vulnerability Assessment. This conference will be held from July 7th through the 8th, 2011 in Amsterdam, The Netherlands.

  Tags:  conference dimva workshops amsterdam the-netherlands vulnerability-assessment eighth-international-conference amsterdam-the-netherlands  

• 13:52

  DIMVA 2011 Call For Workshops Proposals

   » ‎ Packet Storm Security Misc. Files
  Call For Workshops Proposals for the Eighth International Conference on Detection of Intrusions and Malware and Vulnerability Assessment. This conference will be held from July 7th through the 8th, 2011 in Amsterdam, The Netherlands.

  Tags:  conference dimva workshops amsterdam the-netherlands vulnerability-assessment eighth-international-conference amsterdam-the-netherlands  

• November 08, 2010
• 19:02

  DIMVA-2011.txt

   » ‎ Packet Storm Security Misc. Files
  Call For Papers for DIMVA 2011, the Eighth International Conference on Detection of Intrusions and Malware and Vulnerability Assessment. This conference will be held from July 7th through the 8th, 2011 in Amsterdam, The Netherlands.

  Tags:  txt conference dimva amsterdam the-netherlands vulnerability-assessment eighth-international-conference amsterdam-the-netherlands  

• 9:00

  Bugtraq: CFP: DIMVA 2011 - Detection of Intrusions and Malware & Vulnerability Assessment

   » ‎ SecurityFocus Vulnerabilities
  CFP: DIMVA 2011 - Detection of Intrusions and Malware & Vulnerability Assessment

  Tags:  dimva detection cfp vulnerability-assessment intrusions  

• August 17, 2010
• 21:13

  [Audio] Blinded by Flash: Widespread Security Risks Flash Developers Don't See

   » ‎ SecDocs
  Authors: Prajakta Jagdale
  Tags: vulnerability assessment vulnerability Flash
  Event: Black Hat DC 2009
  

  Tags:  audio vulnerability flash dont-see vulnerability-assessment flash-developers black-hat  

• June 15, 2010
• 3:33

  Onapsis Bizploit – ERP Penetration Testing Framework

   » ‎ Darknet
  Bizploit is the first Opensource ERP Penetration Testing framework. Developed by the Onapsis Research Labs, Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP Penetration Tests. Bizploit is expected to provide the security community with a basic framework to...
  
  Read the full post at darknet.org.uk

  
  

  

  Tags:  bizploit erp penetration read penetration-tests discovery-exploration vulnerability-assessment database hacking  

• May 04, 2010
• 1:01

  [Audio] Metasploit Goes Web

   » ‎ SecDocs
  Authors: Efrain Torres
  Tags: web application vulnerability assessment Metasploit
  Event: DEFCON 17
  

  Tags:  audio web metasploit vulnerability-assessment web-authors  

• 1:01

  [Slides] Metasploit Goes Web

   » ‎ SecDocs
  Authors: Efrain Torres
  Tags: web application vulnerability assessment Metasploit
  Event: DEFCON 17
  

  Tags:  authors web metasploit vulnerability-assessment web-authors web-application  

• 1:01

  [Video] Metasploit Goes Web

   » ‎ SecDocs
  Authors: Efrain Torres
  Tags: web application vulnerability assessment Metasploit
  Event: DEFCON 17
  

  Tags:  video web metasploit vulnerability-assessment web-authors  

• February 18, 2010
• 0:03

  [Slides] Pen Testing the Web with Firefox

   » ‎ SecDocs
  Authors: Michael Schearer
  Tags: penetration testing vulnerability assessment browser
  Event: Confidence 2009 Warszawa
  

  Tags:  testing web pen michael-schearer warszawa vulnerability-assessment penetration  

• February 17, 2010
• 3:39

  [Slides] AutoNessus: analyzing vulnerability assessment data the easy way…

   » ‎ SecDocs
  Authors: Frank Breedijk
  Tags: vulnerability assessment scanning
  Event: Confidence 2009 Warszawa
  

  Tags:  assessment vulnerability autonessus frank-breedijk warszawa vulnerability-assessment assessment-data