Tracking changes in CERT bulletins and Nessus plugins using Vulners Time Machine
If you use Vulners.com #vulnerability #searchengine, you probably know that it has a real “Time Machine”.
Each time Vulners sees some changes on a source page it creates a new version of security object. And you can see the full history of changes in a nice GUI:
In most cases, the vendor just corrects typos or adds more details. But sometimes the message can change significantly.
### #CERT.org
For example, in a case of latest #Meltdown and #Spectre #vulnerability. Initial cert.org VU:584653 recommendation was “Replace CPU hardware”. 🙂
#vulnerscom #Tenable #Spectre #Nessus #Meltdown #CERTorg #CERT #VulnerabilityManagement #VulnerabilityDatabases
Read more: https://avleonov.com/2018/01/11/tracking-changes-in-cert-bulletins-and-nessus-plugins-using-vulners-time-machine/
If you use Vulners.com #vulnerability #searchengine, you probably know that it has a real “Time Machine”.
Each time Vulners sees some changes on a source page it creates a new version of security object. And you can see the full history of changes in a nice GUI:
In most cases, the vendor just corrects typos or adds more details. But sometimes the message can change significantly.
### #CERT.org
For example, in a case of latest #Meltdown and #Spectre #vulnerability. Initial cert.org VU:584653 recommendation was “Replace CPU hardware”. 🙂
#vulnerscom #Tenable #Spectre #Nessus #Meltdown #CERTorg #CERT #VulnerabilityManagement #VulnerabilityDatabases
Read more: https://avleonov.com/2018/01/11/tracking-changes-in-cert-bulletins-and-nessus-plugins-using-vulners-time-machine/
Confluence REST API for reading and updating wiki pages
In previous posts I wrote how to automate the work with #Atlassian Jira, including automated ticket labeling. Now let’s try to use REST #API of another popular #Atlassian product – Confluence wiki engine.
What you may want to automate in Confluence? Obviously, it may be useful to read the pages that your colleagues regularly update and then use this data in some scripts as an input. You may also want to update your own Confluence pages, for example to post Vulnerability Scanning results. 😉
#python #json #base64 #AtlassianConfluence #Atlassian #API
Read more: https://avleonov.com/2018/01/18/confluence-rest-api-for-reading-and-updating-wiki-pages/
In previous posts I wrote how to automate the work with #Atlassian Jira, including automated ticket labeling. Now let’s try to use REST #API of another popular #Atlassian product – Confluence wiki engine.
What you may want to automate in Confluence? Obviously, it may be useful to read the pages that your colleagues regularly update and then use this data in some scripts as an input. You may also want to update your own Confluence pages, for example to post Vulnerability Scanning results. 😉
#python #json #base64 #AtlassianConfluence #Atlassian #API
Read more: https://avleonov.com/2018/01/18/confluence-rest-api-for-reading-and-updating-wiki-pages/
Kenna Security: Analyzing Vulnerability Scan data
I’ve been following #Kenna Security (before 2015 Risk I/O) for a pretty long time. Mainly, because they do the things I do on a daily basis: analyse various #vulnerability #scan results and feeds, and prioritize detected vulnerabilities for further mitigation. The only difference is that my scripts and reports are highly specific for my employer’s infrastructure and needs. And guys from #Kenna team make a standardized scalable cloud solution that should be suitable for everyone.
I think their niche is really great. They do not compete directly with #VulnerabilityManagement vendors. They can be partners with any of them, bringing additional features to the customers. Perfect win-win combination. That’s why #Kenna speakers regularly participate in joint webinars with VM vendors.
I couldn’t lose a great opportunity to see #Kenna Security service in action. 😉
In this post I will try to make a very brief review of #Kenna functionality and formulate pros and cons of the solution.
When you submit trial request at https://www.eu.kennasecurity.com/signup (or https://app.kennasecurity.com/signup if you are not in Europe) you will get a link to your company account:
https://corporation.eu.kennasecurity.com/
The login screen will look like this:
#Tenable #RiskIO #Rapid7 #Qualys #Outpost24 #OpenVAS #Nexpose #Nessus #Kenna #Exploit #Elasticsearch #CVE #VulnerabilityManagement #API
Read more: https://avleonov.com/2018/01/21/kenna-security-analyzing-vulnerability-scan-data/
I’ve been following #Kenna Security (before 2015 Risk I/O) for a pretty long time. Mainly, because they do the things I do on a daily basis: analyse various #vulnerability #scan results and feeds, and prioritize detected vulnerabilities for further mitigation. The only difference is that my scripts and reports are highly specific for my employer’s infrastructure and needs. And guys from #Kenna team make a standardized scalable cloud solution that should be suitable for everyone.
I think their niche is really great. They do not compete directly with #VulnerabilityManagement vendors. They can be partners with any of them, bringing additional features to the customers. Perfect win-win combination. That’s why #Kenna speakers regularly participate in joint webinars with VM vendors.
I couldn’t lose a great opportunity to see #Kenna Security service in action. 😉
In this post I will try to make a very brief review of #Kenna functionality and formulate pros and cons of the solution.
When you submit trial request at https://www.eu.kennasecurity.com/signup (or https://app.kennasecurity.com/signup if you are not in Europe) you will get a link to your company account:
https://corporation.eu.kennasecurity.com/
The login screen will look like this:
#Tenable #RiskIO #Rapid7 #Qualys #Outpost24 #OpenVAS #Nexpose #Nessus #Kenna #Exploit #Elasticsearch #CVE #VulnerabilityManagement #API
Read more: https://avleonov.com/2018/01/21/kenna-security-analyzing-vulnerability-scan-data/
Vulners Web Vulnerability Scanner plugin for Google Chrome v. 2.0
Vulners Team released today the second version of their Web Vulnerability Scanning plugin for #Google Chrome browser. You can read my description of the version 1.0 at “Vulners.com #vulnerability detection plugins for #BurpSuite and #Google Chrome“.
Killing feature of Vulners web #scanner v. 2.0 is that you can now see all vulnerabilities on all scanned sites in a single window. You don’t need to checks all #Google Chrome manually.
Moreover, if some sites make request to other servers, for example googleapis.com, this servers will be checked automatically.
The plugin was fully refactored and now it is #React driven. It works faster, analysis more data sources and detects vulnerabilities more accurately.
#WAS #vulnerscom #React #PHP #GoogleChrome #Google #CVSS #CVE #VulnerabilityManagement
Read more: https://avleonov.com/2018/01/24/vulners-web-vulnerability-scanner-plugin-for-google-chrome-v-2-0/
Vulners Team released today the second version of their Web Vulnerability Scanning plugin for #Google Chrome browser. You can read my description of the version 1.0 at “Vulners.com #vulnerability detection plugins for #BurpSuite and #Google Chrome“.
Killing feature of Vulners web #scanner v. 2.0 is that you can now see all vulnerabilities on all scanned sites in a single window. You don’t need to checks all #Google Chrome manually.
Moreover, if some sites make request to other servers, for example googleapis.com, this servers will be checked automatically.
The plugin was fully refactored and now it is #React driven. It works faster, analysis more data sources and detects vulnerabilities more accurately.
#WAS #vulnerscom #React #PHP #GoogleChrome #Google #CVSS #CVE #VulnerabilityManagement
Read more: https://avleonov.com/2018/01/24/vulners-web-vulnerability-scanner-plugin-for-google-chrome-v-2-0/
Alexander V. Leonov
Vulners Web Vulnerability Scanner plugin for Google Chrome v. 2.0
Vulners Team released today the second version of their Web Vulnerability Scanning plugin for Google Chrome browser. My description of the version 1.0 you can see at Vulners.com vulnerability detection plugins for Burp Suite and Google Chrome. Killing feature…
Making simple Nmap SPA web GUI with Apache, AngularJS and Python Twisted
The last time I was developing dynamic web applications years ago. I used CGI and #PHP back then. 🙂 Now I am really interested in a modern approach, when you have a Single Page Web Application (SPA) written in HTML and #JavaScript, that makes http requests to some external #API.
It’s pretty cool, because your application becomes API-centric naturally. You work on human interface and improve integration capabilities at the same time. And the task of securing your web app mostly reduces to securing your formalized #API.
The very best way to learn something new is to write a post about this stuff. 😉 Here I will reproduce my own steps of making a very basic web app:
1. Launch #Apache web-server with http/https.
2. Make a simple #API service: #Nmap wrapper.
3. Make a web-application with “multipage” experience. There should be at least two pages: Scan and About.
4. On Scan page it will be possible to input a target (hostname or IP), #scan arguments and launch #scan by clicking on the button. The same behavior will be if the target will be passed as a parameter in address bar.
5. On other pages should be some static text.
As you can see, it is a very limited task, but it should clear up the most confusing parts of the process.
#Twisted #SSL #python #Nmap #nginx #JavaScript #GoogleChrome #Firefox #CORS #Apache #AngularJS #API
Read more: https://avleonov.com/2018/02/05/making-simple-nmap-spa-web-gui-with-apache-angularjs-and-python-twisted/
The last time I was developing dynamic web applications years ago. I used CGI and #PHP back then. 🙂 Now I am really interested in a modern approach, when you have a Single Page Web Application (SPA) written in HTML and #JavaScript, that makes http requests to some external #API.
It’s pretty cool, because your application becomes API-centric naturally. You work on human interface and improve integration capabilities at the same time. And the task of securing your web app mostly reduces to securing your formalized #API.
The very best way to learn something new is to write a post about this stuff. 😉 Here I will reproduce my own steps of making a very basic web app:
1. Launch #Apache web-server with http/https.
2. Make a simple #API service: #Nmap wrapper.
3. Make a web-application with “multipage” experience. There should be at least two pages: Scan and About.
4. On Scan page it will be possible to input a target (hostname or IP), #scan arguments and launch #scan by clicking on the button. The same behavior will be if the target will be passed as a parameter in address bar.
5. On other pages should be some static text.
As you can see, it is a very limited task, but it should clear up the most confusing parts of the process.
#Twisted #SSL #python #Nmap #nginx #JavaScript #GoogleChrome #Firefox #CORS #Apache #AngularJS #API
Read more: https://avleonov.com/2018/02/05/making-simple-nmap-spa-web-gui-with-apache-angularjs-and-python-twisted/
Nessus Manager disappeared and Tenable.io On-Prem was announced
If you open #Tenable Products page right now you will not see #Nessus Manager there anymore. #Nessus Manager page “The Power of #Nessus for Teams” was also deleted.
However, it is still mentioned in the product comparison. Agent-Based Scanning in SecurityCenter and SecurityCenter Continuous View “* Requires #Tenable.io #VulnerabilityManagement or #Nessus Manager for agent management.”
#Tenableio #Tenable #NessusManager #VulnerabilityManagement
Read more: https://avleonov.com/2018/02/05/tenable-security-killed-nessus-manager-and-anounced-tenable-io-on-prem/
If you open #Tenable Products page right now you will not see #Nessus Manager there anymore. #Nessus Manager page “The Power of #Nessus for Teams” was also deleted.
However, it is still mentioned in the product comparison. Agent-Based Scanning in SecurityCenter and SecurityCenter Continuous View “* Requires #Tenable.io #VulnerabilityManagement or #Nessus Manager for agent management.”
#Tenableio #Tenable #NessusManager #VulnerabilityManagement
Read more: https://avleonov.com/2018/02/05/tenable-security-killed-nessus-manager-and-anounced-tenable-io-on-prem/
Nessus Manager disappeared and Tenable.io On-Prem was announced
Kenna Security: Connectors and REST API
In the last post about #Kenna Security cloud service I mentioned their main features for analyzing data from different #vulnerability scanners. Now let’s see how to import #Tenable #Nessus #scan results in #Kenna. Here you can see the list of connectors for all supported products:
Three connectors for #Nessus are available:
* **Nessus Importer** retrieves existing #scan results from your #Nessus server.
* **Nessus Scanner** can schedule scans on your #Nessus server.
* **Nessus XML** imports #xml (.Nessus2) files.
First two connectors work with #Nessus server directly. And they probably won’t work anymore with #Nessus Professional 7, because of #API removing (see “New #Nessus 7 Professional and the end of cost-effective #VulnerabilityManagement (as we knew it)“). If #Nessus server is deployed on-premise you should use special #Kenna Virtual Tunnel.
Last “Nessus XML” connector is the most flexible. No matter how you got your #scan results, it will be possible to import them to #Kenna. See how to get XML reports from from #Nessus server in a post “Retrieving #scan results through #Nessus API“. You can upload XML #scan results using #Kenna web GUI (not very efficient way, but for testing – why not?) or REST #API.
To use #Kenna REST #API you will need an Application Token. Go to the the Settings menu -> Applications:
#xml #Tenable #python #Nessus #Kenna #VulnerabilityManagement #API
Read more: https://avleonov.com/2018/02/15/kenna-security-connectors-and-rest-api/
In the last post about #Kenna Security cloud service I mentioned their main features for analyzing data from different #vulnerability scanners. Now let’s see how to import #Tenable #Nessus #scan results in #Kenna. Here you can see the list of connectors for all supported products:
Three connectors for #Nessus are available:
* **Nessus Importer** retrieves existing #scan results from your #Nessus server.
* **Nessus Scanner** can schedule scans on your #Nessus server.
* **Nessus XML** imports #xml (.Nessus2) files.
First two connectors work with #Nessus server directly. And they probably won’t work anymore with #Nessus Professional 7, because of #API removing (see “New #Nessus 7 Professional and the end of cost-effective #VulnerabilityManagement (as we knew it)“). If #Nessus server is deployed on-premise you should use special #Kenna Virtual Tunnel.
Last “Nessus XML” connector is the most flexible. No matter how you got your #scan results, it will be possible to import them to #Kenna. See how to get XML reports from from #Nessus server in a post “Retrieving #scan results through #Nessus API“. You can upload XML #scan results using #Kenna web GUI (not very efficient way, but for testing – why not?) or REST #API.
To use #Kenna REST #API you will need an Application Token. Go to the the Settings menu -> Applications:
#xml #Tenable #python #Nessus #Kenna #VulnerabilityManagement #API
Read more: https://avleonov.com/2018/02/15/kenna-security-connectors-and-rest-api/
Tenable University: Nessus Certificate of Proficiency
Yesterday I finished “Nessus Certificate of Proficiency” learning plan at #Tenable University and passed the final test. Here I would like to share my impressions.
First of all, few words about my motivation. I use #Nessus literally every day at work. So, it was fun to check my knowledge. I already wrote about #Tenable education portal in “Study Vulnerability Assessment in #Tenable University for free” post. It’s free. It’s available for everyone on demand. However, #Tenable customers get access to way more content.
At this moment there are four learning plan available for #Tenable customers: for #Nessus, #Tenableio, SecurityCenter and SecurityCenter Continuous View. Each learning plan consist of short video lessons grouped in courses and the final test.
#WSUS #Windows #Tenableio #Tenable #NessusManager #Nessus #VulnerabilityManagement #ComplianceManagement
Read more: https://avleonov.com/2018/02/21/tenable-university-nessus-certificate-of-proficiency/
Yesterday I finished “Nessus Certificate of Proficiency” learning plan at #Tenable University and passed the final test. Here I would like to share my impressions.
First of all, few words about my motivation. I use #Nessus literally every day at work. So, it was fun to check my knowledge. I already wrote about #Tenable education portal in “Study Vulnerability Assessment in #Tenable University for free” post. It’s free. It’s available for everyone on demand. However, #Tenable customers get access to way more content.
At this moment there are four learning plan available for #Tenable customers: for #Nessus, #Tenableio, SecurityCenter and SecurityCenter Continuous View. Each learning plan consist of short video lessons grouped in courses and the final test.
#WSUS #Windows #Tenableio #Tenable #NessusManager #Nessus #VulnerabilityManagement #ComplianceManagement
Read more: https://avleonov.com/2018/02/21/tenable-university-nessus-certificate-of-proficiency/
Masking Vulnerability Scan reports
Continuing the series of posts about #Kenna (“Analyzing Vulnerability Scan data“, “Connectors and REST API“) and similar services. Is it actually safe to send your #vulnerability data to some external cloud service for analysis? Leakage of such information can potentially cause great damage to your organization, right?
It’s once again a problem of trust to vendor. IMHO, in some cases it may make sense to hide the real hostnames and ip-addresses of the target hosts in #scan reports. So, it would be clear for analysis vendor that some critical #vulnerability exists somewhere, but it would not be clear where exactly.
To do this, each hostname/ip-address should be replaced to some values of similar type and should be replaced on the same value each time. So the algorithms of Kenna-like service could work with this masked reports. This mean that we need to create a replacement dictionary.
#xml #python #Nessus #masking #Kenna #json #VulnerabilityManagement #Concept
Read more: https://avleonov.com/2018/02/22/masking-vulnerability-scan-reports/
Continuing the series of posts about #Kenna (“Analyzing Vulnerability Scan data“, “Connectors and REST API“) and similar services. Is it actually safe to send your #vulnerability data to some external cloud service for analysis? Leakage of such information can potentially cause great damage to your organization, right?
It’s once again a problem of trust to vendor. IMHO, in some cases it may make sense to hide the real hostnames and ip-addresses of the target hosts in #scan reports. So, it would be clear for analysis vendor that some critical #vulnerability exists somewhere, but it would not be clear where exactly.
To do this, each hostname/ip-address should be replaced to some values of similar type and should be replaced on the same value each time. So the algorithms of Kenna-like service could work with this masked reports. This mean that we need to create a replacement dictionary.
#xml #python #Nessus #masking #Kenna #json #VulnerabilityManagement #Concept
Read more: https://avleonov.com/2018/02/22/masking-vulnerability-scan-reports/
Non-reliable Nessus scan results
Do you perform massive #vulnerability scans with Nessus? It might be a bad idea. It seems that #Nessus is not reliable enough to assess hundreds and thousands of hosts in one #scan and can lose some valuable information.
The thing is that sometimes #Nessus does not detect open ports and services correctly. And without successful service detection it will not launch other #vulnerability detection plugins (see #Nessus Scan stages in my post about #Tenable University ). Scan results for the host will be empty, however in reality it may have some critical vulnerabilities, that you simply will not see!
Anyway, it’s good to know when #Nessus was not able to detect services on some hosts and you should not relly on these #scan results. Let’s see how we can figure this out.
#timeout #Tenable #PortScanning #Nessus #https #VulnerabilityManagement
Read more: https://avleonov.com/2018/03/02/non-reliable-nessus-scan-results/
Do you perform massive #vulnerability scans with Nessus? It might be a bad idea. It seems that #Nessus is not reliable enough to assess hundreds and thousands of hosts in one #scan and can lose some valuable information.
The thing is that sometimes #Nessus does not detect open ports and services correctly. And without successful service detection it will not launch other #vulnerability detection plugins (see #Nessus Scan stages in my post about #Tenable University ). Scan results for the host will be empty, however in reality it may have some critical vulnerabilities, that you simply will not see!
Anyway, it’s good to know when #Nessus was not able to detect services on some hosts and you should not relly on these #scan results. Let’s see how we can figure this out.
#timeout #Tenable #PortScanning #Nessus #https #VulnerabilityManagement
Read more: https://avleonov.com/2018/03/02/non-reliable-nessus-scan-results/