Tech Center Vulnerability Management
Dark Reading's Vulnerability Management Tech Center is your portal to all the news, product information, best practices, and other data related to detecting and remediating security vulnerabilities. Written for those who must find and fix enterprise security vulnerabilities, the Vulnerability Management Tech Center is your guide to the latest tools and techniques for preventing security breaches, as well as best practices for responding to new vulnerability discoveries.
Featured Commentary
-
Vincent LiuBeware Of The 'Checklist' Penetration Tester
A surefire way to spot a novice.
News
-
Don't Take Vulnerability Counts At Face Value
With flaw tallies varying by up to 75 percent, vulnerability data needs to be taken with a grain of salt, yet reports based on the data fail to include caveats, Black Hat presenters say
-
No Java Patch For You: 93 Percent Of Users Run Older Versions Of The App
Many end users stuck with older Java to run certain apps, Websense finds
-
'NetTraveler' Cyberespionage Campaign Uncovered
Nearly decade-old attack also has links to other APT groups, infrastructure
-
3 Lessons From Layered Defense's Missed Attacks
Research shows that combining two security products produces widely different improvements in security
-
Tech Insight: Free Versus Commercial Vulnerability Scanning Tools
Free, open-source vulnerability scanning tools are not always cheaper than their commercial counterparts
More Stories
- Web Application Testing Using Real-World Attacks
- Google Building Management System Hack Highlights SCADA Security Challenges
- Microsoft Issues Emergency Fix For IE Zero-Day
- Open Source Software Libraries Get Renewed Scrutiny
- Building A Detente Between Developers And Security
By The Numbers
Top 5 Vulnerabilities Found With Dynamic Analysis
The top 5 vulnerabilities discovered in dynamic analysis tests of applications in 2012. Supporting the results, cross-site scripting flaws were the most popular type of vulnerability HP’s Zero-Day Initiative purchased.
Commentary
-
-
Ron Was Wrong, Whit Is Right, And What You Need To Know
By Vincent Liu
Clarifying the technical findings on a weakness in RSA crypto keys and some recommendations on how to prepare and protect your assets from the next inevitable crypto weakness discovery
-
Can You Train A Great Penetration Tester?
By Vincent Liu
The hacker mindset can't be taught -- it must be developed and refined over time
-
Fighting 0days With Fundamentals
By Vincent Liu
How to pre-emptively secure systems against 0day attacks that, by definition, we know nothing about
-
Pro Pen Testing: The Zero-Knowledge Approach
By Vincent Liu
Special care must be taken in a penetration test that locates targets with 'zero-knowledge'
Around the Web
- Apache CloudStack 4.0.1 Authentication Bypass / Cryptography
- New incoming fax message is actually malware - be on your guard!
- Google Fixes Three High-Risk Flaws in Chrome OS
- Microsoft tells all Windows 7 users to uninstall security patch, after some ...
- Yes, “design flaw” in 1Password is a problem, just not for end users
Dark Reading Reports
-
How Attackers Choose Which Vulnerabilities To Exploit
In the increasingly complex world of information security, it's important for security professionals to be able to understand not only how their organization's systems and data may be compromised but why. In this Dark Reading report we examine why certain vulnerabilities are exploited, by whom and with what. We also provide recommendations for getting out infront of hackers by using some of the same tools and strategies they do.
-
Assessing Risk and Prioritizing Vulnerability Remediation
Vulnerability remediation is a never-ending process, but, even so, security pros can't plug every hole in every asset and application. The key is to determine which vulnerabilities are most likely to be exploited and the effects such exploits would have on the business. To do this, security pros must know the business and its technology usage and needs intimately, a process that must involve stakeholders across the organization. In this report we recommend the steps that should be taken to determine the risk of vulnerabilities and the lengths to which remediation can and should go.
-
Finding Vulnerabilities By Attacking Your Own Environment
Vulnerability scans are valuable, but you have to think and act like a hacker if you want to truly understand the ways in which your organization could be compromised. In this report, Dark Reading recommends the tools and methodologies that can be used to test your organization's security.
- A Guide to Network Vulnerability
- Choosing the Right Vulnerability Scanner for Your Organization
- Using Google to Find Vulnerabilities In Your IT Environment
- Security Pro's Guide to Patch Management
- In-House Malware Analysis: Why You Need It, How to Do It
- Scanning Reality: Limits of Automated Vulnerability Scanners
- Using BSIMM To Develop Safe Applications
Other reports from the Vulnerability Management Tech Center:
Related Content
-
Mobile Devices Drive Majority of Endpoint Security Concerns
The results of the 2013 State of the Endpoint study tracked endpoint risk in organizations, the resources to address the risk and the technologies deployed to manage threats. This study reveals that the state of endpoint risk is not improving and one of the top concerns is the proliferation of personally owned mobile devices in the workplace such as smart phones and iPads. Download "Mobile Devices Drive Majority of Endpoint Security Concerns" to review some of the most noteworthy survey findings, address the difficulties in managing the endpoint risk, and review recommendations to make improvements.
-
IT Pros Guide to Data Protection: Top 5 Tips to Securing Data in the Modern Organization
Ready your organization for more robust data protection measures by first implementing these five steps to improve data security in a business- and cost-effective manner.
-
Best Practice Guide to Addressing Web 2.0 Risks
With the rise of user-generated content, social networks and readily available information offered by the Web 2.0-enabled workplace, users are more connected to people and ideas than ever before. This new level of connectivity also introduces significant risk. Organizations need to find the proper balance of risk vs. productivity through improved policy, controls and education of users.
-
Closing the Antivirus Protection Gap: A Comparative Study on Effective Endpoint Protection Strategies
Corporate economic concerns have put increased pressure on already limited IT resources in recent years as the onslaught of malware and sophistication of cyber attacks continues to grow at exponential rates. As a result, 50% of endpoint operating costs are directly attributable to malware,1 yet, corporate IT budgets are still focused on maintaining stand alone antivirus as the keystone in endpoint security. In this paper, we will benchmark the effectiveness of standalone AV and O/S resident patching solution versus newer technologies and a defense-in-depth of approach of layering multiple endpoint security and operational technologies together.
-
Lumension Guide to Device Control Best Practices
USB flash drives and other removable storage devices continue to proliferate throughout organizations. This could result in the loss or theft of your sensitive corporate and customer data, or in the propagation of malware like Stuxnet. Fortunately, powerful data protection tools are now available to help mitigate these risks, while still enabling flexible and managed use of these productivity devices. Learn about the best practices for deploying device control within your environment. Walk away with the recommended process to successfully prepare, enforce and manage the use of removable devices and media, and to protect your sensitive data.
Free Research and Reports
Whitepapers
- Secrets Revealed: Brilliant Simplicity and Lower TCO
- Top 10 Considerations for Getting Started with VMware Virtualization
- Taneja Group: Overview of Virtualization and Cloud Market Vendor Landscape for SMBs
- Real World Considerations for Implementing Desktop Virtualization eBook
- Websense 2013 Threat Report
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- Endpoint Security: End user security requires layers of tools and training as employees use more devices and apps.
- Security Isn't A Piece Of Cake: It's time we rethink the conventional wisdom about security layering.
- BYOD Is Here To Stay: Trying to keep employees' devices off the network is futile.