Asking the Right Question: Penetration Testing vs. Vulnerability Analysis Tools, Which Is Best?
Lately, many people have been asking what is more important: using vulnerability analysis tools to assess web-based applications or instead focusing on penetrating testing. The fact is that both are important and that a combination approach can prove to be more valuable. Learn more about how the web application security industry has evolved and what needs to be done to ensure the security of applications.
Read the Article
|
Port Scanning Unscanned
Port Scanning is one of the most commonly carried out process amongst Hackers. Almost always, the first thing that a hacker would do on his quest to get root on a remote system is to conduct a port scan on the target system and get a list of open ports. But what exactly happens when you click on the "scan" button of your favorite port scanner? How does the port scanner deduce whether a particular port on the remote system is closed or open? Well, this manual is just about that and a lot more.
Read the Article
|
Five Mistakes of Vulnerability Management
Vulnerability management is viewed by some as an esoteric security management activity. Others see it as a simple process that needs to be done in conjunction with Microsoft Corp's monthly patch update. Yet another group considers it a marketing buzzword made up by the vendors. This article will look at common mistakes that organizations make on the path to achieving vulnerability management perfection, both in process and technology areas.
Read the Article
|
TCP/IP Vulnerabilities and Weaknesses
The intent of this paper is to explain and explore the various serious vulnerabilities in the TCP/IP suite, and IPv4 itself. I assume you have a working knowledge of UNIX-like systems and know a *little* about networking. I will first start with essential IP background knowledge, and then move onto various vulnerabilities in TCP/IP.
Read the Article
|
Fiber Optics and its Security Vulnerabilities
This paper will briefly discuss the history of fiber optics, explain the basics of fiber optic technologies and then discuss the vulnerabilities in fiber optic systems and how they can be better protected. Knowing the security risks and knowing the options available may save a company a lot embarrassment, time, and most importantly money.
Read the Article
|
Challenges of Predictive Analysis for Networks
As of today, there is limited ability to analyze networks and predict risks to the mission associated with these networks. Risk analysis is limited by the mistaken assumption that threat changes slowly - that there is time to recognize new vulnerabilities and new intruders and incorporate this new information into comprehensive threat assessments. In many cases, today's threat assessments also are self-limiting because of a lack of understanding of the driving factors behind security incidents in networks.
Read the Article
|
OCTAVESM Catalog of Practices, Version 2.0
The Operationally Critical Threat, Asset, and Vulnerability EvaluationSM (OCTAVESM) Method enables organizations to identify the risks to their most important assets and build mitigation plans to address those risks. OCTAVE uses three 'catalogs' of information to maintain modularity and keep the method separate from specific technologies. One of these catalogs is the catalog of good security practices. It provides the means to measure an organization's current security practices and to build a strategy for improving its practices to protect its critical assets.
Read the Article
|
Vulnerability Protection - A Buffer for Patching
The purpose of this paper is to identify the problem facing the network security community regarding vulnerabilities and patches. It explains why current security technologies such as firewalls, intrusion detection and prevention systems, and automated patch management solutions have failed in preventing vulnerabilities from being exploited. Finally an alternative approach is proposed that incorporates and builds upon existing security technologies.
Read the Article
|
The Risks of "Big" Vulnerabilities
Recently the IT industry was awakened by the announcement of two security vulnerabilities that represent an exposure for nearly every network in the world. Cisco, an industry leader in networking gear, announced a vulnerability affecting nearly every version of their IOS running on routers that move data across most of the networks for companies worldwide, and the Internet. Almost as if planned, Microsoft announced at the same time a vulnerability affecting most, if not all versions of Windows, from the servers to the desktop, which could have serious ramifications of not mitigated.
Read the Article
|
The Meaning of Security
The term "Security" can be interpreted differently by people and vendors. In this paper, we study the different interpretations from SUN Solaris and NESSUS. This study was done by performing security scans of the SUN Solaris 8 Operating System before and after applying SUN security patches. We will analyze the before and after scans that are performed on the system, look at what the Operating System vendor explained the patches would do and compare the end result with expectations set by the vendor. In the end, you will see that applying patches isn't a complete solution to securing your systems, but a mere step in the process.
Read the Article
|
