Feeds:
Posts
Comments

Posts Tagged ‘CVSS’

Acunetix Web Vulnerability Scanner v10.5 What's New

For those who are in managing  company websites, web applications, portal,  and who are in search for scanning website for vulnerability cause by insecure web applications and in the role of website security management scenario and context.

Then, this summary and highlight of post event video clip will be for you, if you are not able to attend Acunetix Web Vulnerability Scanner (WVS) What’s New version 10.5 Product Overview by E-SPIN for end user and channel partner product seminar session.

For further information, please contact us or visit to our website on http://www.e-spincorp.com

Read Full Post »

Acunetix Web Vulnerability Scanner v9.5.x

Officially known as CVE-2014-6271, this vulnerability, cordially termed ShellShock, has been assigned the highest CVSS score of 10, a score that the notorious HeartBleed did not achieve. The high score is more than warranted. The vulnerability is very easy to exploit allowing pretty much every script kiddie to take control of a vulnerable server and execute arbitrary code.

Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell. The first disclosed on the vulnerability on 24 September 2014. Many Internet daemons and services, such as web servers, use Bash to process certain commands, allowing an attacker to cause vulnerable versions of Bah to execute arbitrary commands such as to gain unauthorised access to a computer system.

Acunetix has already been updated to identify web servers vulnerable to ShellShock. The next time you start Acunetix WVS latest version, you will be prompted to install an update, which includes detection of ShellShock.

For interest to know more about how it impact on business infrastructure, and how the E-SPIN carry solutions can help to resolve the case, please feel free to contact E-SPIN officers across the region.

Read Full Post »

Simplifying Network Audits

The task of conducting a full network audit has always been a daunting task to any network related personnel. Nipper is a solution to this problem; it aims to painlessly assist in conducting a network audit through automated configuration vulnerability analysis and an agent-less solution. It triumphs over traditional methods such as penetration testing (A thorough but costly and slow process), agent-based (Software must be installed in each device to be tested which is not always possible), and Network Scanners (can cause networks to be bogged down due to the large amount of probes required).

Nipper2

Nipper’s reporting features allow for an audit to be generated that is tailored specifically to what the end user needs.

  • Personalize reports with your company details so all reports are generated automatically with your company’s name, logo, report naming policy

  • Rate with the default Nipper standards or use CVSS (industry standards vulnerability rating). Customize your environmental variables based on priorities (Low to High) – Confidentiality Requirement, Collateral Damage Potential, and more.

  • Exclude whole Issues (EG. Users with Default Passwords) or specific Devices from an issue.

  • Notes for specific issues

  • Save only what you want to save – specific report sections (EG. Filtering Rules) or entire tables (EG. Security Audit Table)

Reports generated contain information that technical staff can utilize to mitigate the issue and graphical information management can digest easily.

nipper1

Such versatility and cost saving is the reason Titania’s Nipper Studio claimed both Computing Security Awards – Network Security Solution and Enterprise Security Solution of the Year in 2012 against well established competitors such as WatchGuard and Fortinet.

Read Full Post »