Sunday, January 23, 2011

Performing Active Reconnaissance with Nmap



1. Download the most current version of Nmap.

http://nmap.org/download.html


2. Open a command prompt and go to the directory that you have installed Nmap in.

Run Nmap from the command line to see the various options.

Example:

1. Perform a full connect scan on one of the local devices you have identified on your network. The syntax is nmap -sT IP_Address.

2. Perform a stealth (SYN) scan on one of the local devices you have identified on your network. The syntax is nmap -sS IP_Address.

3. Perform a UDP scan on one of the local devices you have identified on your network. The syntax is nmap -sU IP_Address.

4. Perform an OS fingerprint scan on one of the local devices you have identified on your network. The syntax is nmap -O IP_Address.
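Added example (not part of the original post): a loopback demonstration of why the full connect scan in step 1 is the noisy one. A connect scan completes the TCP handshake, so the target service's accept() returns the connection and can log it, whereas the SYN scan in step 2 resets the connection before the handshake completes and never reaches accept(). The function names and the loopback lab target are constructed for this illustration.

```python
import socket

def connect_probe(host, port, timeout=1.0):
    """One port of a full connect scan (-sT): complete the handshake via connect()."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return "open" if s.connect_ex((host, port)) == 0 else "closed"

def drain_accept_queue(server, wait=0.5):
    """Play the service: accept every completed handshake and log the peer address."""
    server.settimeout(wait)
    peers = []
    while True:
        try:
            conn, peer = server.accept()
        except socket.timeout:
            return peers
        peers.append(peer)
        conn.close()

def demo():
    # Constructed lab target: one listener on loopback, one port with no listener.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server, \
         socket.socket(socket.AF_INET, socket.SOCK_STREAM) as spare:
        server.bind(("127.0.0.1", 0))
        server.listen(5)
        spare.bind(("127.0.0.1", 0))  # bound but not listening: handshake is refused
        states = {
            "listening": connect_probe("127.0.0.1", server.getsockname()[1]),
            "unused": connect_probe("127.0.0.1", spare.getsockname()[1]),
        }
        # Only the completed handshake shows up in the service's "log".
        logged = drain_accept_queue(server)
    return states, logged

if __name__ == "__main__":
    states, logged = demo()
    print("probe results:", states)
    print("connections the service saw:", logged)
```

Half-open probes never appear in this application-level log, so catching them means looking at the network layer (firewall or IDS records of SYN packets) rather than at service logs.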

Do the Vulnerability Research




Intro to Vulnerability Research

1. Vulnerability research means discovering vulnerabilities and design weaknesses that open a system and its applications to attack.
2. Vulnerabilities can be classified based on:
- Severity level (low, medium, or high)
- Exploit range (local or remote)

Importance of Vulnerability Research

1. To know how to recover from a network attack
2. To gather information about the latest viruses
3. To get information that helps prevent security problems
4. To protect your network from being attacked

Vulnerability Research Tools
1. Get them from vulnerability research websites
Example:
- www.securityfocus.com
- www.securiteam.com
- www.hackerstorm.com
- www.securitytracker.com
- www.microsoft.com/security
- www.securitymagazine.com
- www.secunia.com
- www.hackerwatch.com
- www.scmagazine.com
- nvd.nist.gov


:: help you expose your security holes and will show you what the bad guys already know about your hosts and network. ::



::(I-Newswire) April 25, 2009 HackerStorm.com have created scripts which allow easy viewing and browsing of scan job results without the need to run the native software clients.

Tim Mehmet, author of the tool, comments: "We created this tool primarily to share scan job results with others on an intranet server, it also works equally well on Linux laptops or desktops as well for local viewing".

Some of the features included in the HackerStorm Reporter tool are:

- Nessus v3 required & OpenVas v2.
- Simply export scan jobs into XML format and copy to the XML folder to view reports
- View by Risk
- View by Severity
- View just one host or all hosts in report
- Executive summary as well as detailed reports
- Ports and services found report
- Category summary report
- Export scan jobs to Excel (very useful with autofilter enabled).
- Save report as html and send as an offline copy in html.
- Easy installation, just extract the zip file to your web server

Tim Mehmet says: "The potential benefits of this tool are really down to one's own imagination, for example, you could deploy the scripts into folders and simply apply permissions so that only certain groups of people can view the results, be it customers or different departments within an organisation".

"One of the more exciting potential benefits is that should you perform multiple scheduled scans on a regular basis, you could monitor the results in near real time with dynamic charting, for example, we have implemented a commercial solution to do this but we wanted an open source alternative as well, with our scripts you simply monitor for new XML reports and flash based charts can update your intranet page dynamically using the data variables that we generate with our scripts".

The tool is free to use, it's freely available to download from the hackerstorm.com website. This also applies to professionals who wish to use it for work. Details can be found at http://www.hackerstorm.com.



###
http://www.i-newswire.com/free-reporting-tool-for-nessus/a278292
www.hackerstorm.com
London, UK
Timur Mehmet

Information Gathering: Finding Company URL




1. To search for the company URL you can easily use Google, because it provides a wealth of information for performing passive reconnaissance.

2. You can also use, for example, forums, blogs and newsgroups to find sensitive information about the company.

3. You can also guess internal company URLs, for example:

- partners.xsecurity.com
- customers.xsecurity.com
- products.xsecurity.com
- finance.xsecurity.com
- beta.xsecurity.com

4. You can get all the information about the company website since the time it was launched, for example by using www.archive.org

- On this website you can see the updates made to the website, their database, past products, contacts, etc.