Vulnerability Assessment

MUST READ Review: New Hailstorm a viable in-house pen test option ARTICLE - Cenzic's latest version weaves nicely with QA and development teams to test commercial and custom applications for vulnerabilities. Exploit code lurks following new Windows patches ARTICLE - Windows IT managers work to apply critical fixes before exploit code that may have Zotob-like effects can harm vulnerable systems. Simplifying Nessus security scans with a spreadsheet model TIP - In this tip, expert George Wrenn explains how to divide networks into small, manageable IP spaces and maintaining data with a spreadsheet model.

NEWS: 1 - 3 of 48

	Security visualization helps make log files work SearchSecurity.com | 28 Aug 2008 ARTICLE - Using visualization tools, security pros can build charts and graphs to make sense of complex log files and data and improve their company's security stance.

	Security data lapses hamper researchers SearchSecurity.com | 07.01.2008 OPINION - Accurate information on attacks and data breaches could boost research and drive innovation.

	HP aims at IBM with application vulnerability scanning as service SearchSecurity.com | 29 May 2008 ARTICLE - HP offers application scanning as a service to meet IBM's Watchfire AppScan OnDemand software. Interest is being driven by the growing use of Web applications.

	VIEW ALL NEWS ON VULNERABILITY ASSESSMENT

EXPERT TECHNICAL ADVICE: 1 - 3 of 49

VULNERABILITY ASSESSMENT EXPERTS
			Michael Cobb Founder and Managing Director, Cobweb Applications Ltd. ASK A QUESTION

	Screencast: How to use Wikto for Web server assessment 26 Aug 2008 TIP - Peter Giannoulis demonstrates what kinds of website and Web server information can be found using the free Wikto tool.

	Database patch denial: How 'critical' are Oracle's CPUs? 25 Jun 2008 TIP - A recent survey found that a considerable number of users are outright rejecting Oracle's Critical Patch Updates.

	Is a Master Boot Record (MBR) rootkit completely invisible to the OS? 09 Jun 2008 EXPERT ANSWER - Whether or not we see widespread attacks that use MBR rootkits will depend upon two factors. Platform security expert Michael Cobb explains them both.

	VIEW ALL EXPERT TECHNICAL ADVICE ON VULNERABILITY ASSESSMENT

REFERENCE & LEARNING: 1 - 3 of 10

	CISSP Essentials training: Domain 10, Operations Security SearchSecurity.com | 12 Sep 2008 SECURITY SCHOOL - Prepare for the final segment of the CISSP exam by learning about operations security.

	Spotlight article: Domain 10, Operations Security SearchSecurity.com | 12 Sep 2008 SECURITY SCHOOL - Get a detailed introduction to CISSP exam Domain 10, Operations Security.

	Nessus 3 Tutorial SearchSecurity.com | 06 Jun 2008 SEARCHSECURITY TECHNICAL GUIDE - Network security expert Mike Chapple examines the new features in Nessus 3.2 and explains how the scanner can offer detailed reports on an enterprise's network security risks.

	VIEW ALL REFERENCE & LEARNING ON VULNERABILITY ASSESSMENT

MAGAZINE CONTENT (free subscription required): 1 - 3 of 11

	Security Services: QualysGuard Security and Compliance Suite Information Security Magazine | 01 Jun 2008 HOT PICK & PRODUCT REVIEWS - At Your Service

	Survey: Security Pros Identify Priorities for 2008 Information Security Magazine | 01 Feb 2008 FEATURES - Security professionals prioritize mobility and security, identity and access management, protecting data and intellectual property and vulnerability management.

	Web 2.0 application development techniques introduce new information security risks Information Security Magazine | 01 Nov 2007 FEATURES - Ajax, Java and other dynamic application coding methods have pulled computing power over to the client, introducing new risks and resurrecting old ones.

	VIEW ALL MAGAZINE CONTENT ON VULNERABILITY ASSESSMENT

WEBCASTS: 1 - 2 of 2

	Comprehensive threat management: Helping you navigate the data security quagmire - Vendor Webcast VIEW WEBCAST PREMIERED:   27 APR 2006, 14:00 EDT (18:00, GMT) SUMMARY:   Outside attacks continue to threaten your network and drain valuable company resources. This webcast examines how you can protect your network from cyber attacks with an approach that anticipates known and unknown threats.

Solving the Internal Threat - Vendor Webcast VIEW WEBCAST PREMIERED:   17 NOV 2005, 14:00 EST (19:00, GMT) SUMMARY:   Established information security vendors avoid claims of protecting companies from the internal or insider security threat. In today's high-tech world, organizations need a new approach to internal IT security which enables them to detect when their IT infrastructure, enterprise data, corporate policy and government regulations have been compromised. Discover new security solutions in this webcast.

	VIEW ALL WEBCASTS ON VULNERABILITY ASSESSMENT

WHITE PAPERS

	Top Threats to Mobile Networks - And What to Do about Them Published by: Alcatel-Lucent | 17 Nov 2008 WHITE PAPER - This white paper describes the most common attacks on mobile networks and what to do about them.

	IBM Rational AppScan Standard Edition V7.7 Published by: IBM | 21 Oct 2008 TRIAL SOFTWARE - Download a free trial of IBM Rational AppScan Standard Edition V7.7-- previously known as Watchfire AppScan-- a leading Web application security testing tool that automates vulnerability assessments.

	Understanding and Selecting a Database Activity Monitoring Solution Published by: Tizor | 20 Oct 2008 WHITE PAPER - Database Activity Monitoring is an extremely valuable tool for compliance and security; it is critical to the emerging practice of information-centric security.

	VIEW ALL WHITE PAPERS IN THIS TOPIC

DEFINITIONS: 1 - 3 of 3

	risk analysis 18 Apr 2006 WORD - Risk analysis is the process of defining and analyzing the dangers to individuals, businesses and government agencies posed by potential natural and human-caused adverse events. In IT, a risk analysis report can be used to ...

	vulnerability analysis 28 Mar 2006 WORD - Vulnerability analysis, also known as vulnerability assessment, is a process that defines, identifies, and classifies the security holes (vulnerabilities) in a computer, network, or communications infrastructure. In addition, ...

	gray hat 01 Jun 2001 WORD - Gray hat describes a cracker (or, if you prefer, hacker) who exploits a security weakness in a computer system or product in order to bring the weakness to the attention of the owners. Unlike a black hat, a gray hat acts ...

	VIEW ALL DEFINITIONS ON VULNERABILITY ASSESSMENT

	SEE ALSO - Topics Related to Vulnerability Assessment:  Patch Management, Configuration Management, Penetration Testing and Ethical Hacking