Web Application Security

OpenSSL ChangeCipherSpec Dashboard

by Michael Willison
June 6, 2014

OpenSSL ChangeCipherSpec Dashboard
As new threats emerge in networks, SecurityCenter customers are able to properly identify risk. This dashboard identifies systems vulnerable to the new OpenSSL ChangeCipherSpec vulnerability.

OWASP Top 10

by Cody Dumont
June 4, 2014

OWASP Top 10 Screen Shot
Web application security is a key concern for SecurityCenter users. The software security community created the Open Web Application Security Project (OWASP) to help educate developers and security professionals. This dashboard provides SecurityCenter users the ability to monitor web application security by identifying the top 10 most critical web application security flaws as described in OWASP’s Top Ten awareness document.

Web Services Indicator Dashboard

by Cody Dumont
July 23, 2013

Web Services Indicator Dashboard Screen Shot
This dashboard provides six indicator style components for web services. Each component is designed to provide a detailed focus on SSL, malicious URLs, external URLs, web service platforms, CGI vulnerabilities, and common web service TCP ports.

Web Plugin Family Indicator Dashboard

by Cody Dumont
July 19, 2013

Web Plugin Family Indicator Dashboard Screen Shot
This dashboard provides four indicator style components, each of which center around web-based services or services commonly found on web servers. For example, many web servers also have an FTP or database service running. The indicators are grouped based on the following plugin families: Service Detection, CGI Abuses, FTP, and Databases.

Software Summary

by Josef Weiss
May 2, 2013

Ideally, updates and security patches should be deployed as soon as they become available, to prevent exploitable vulnerabilities. Reality is, that is a somewhat difficult task, and rarely do patches get deployed as fast as they should.

This dashboard assists organizations by implementing controls to quickly identify, and reduce the potential exploitation of application vulnerabilities.

CIS and DISA IIS Web Server Auditing

by Ron Gula
December 16, 2011

CIS-IIS7

This dashboard was designed to be used to measure CIS, Center for Internet Security, or DISA, Defense Information Systems Agency, IIS Web Server compliance and allow issues to be analyzed quickly leveraging agent-less audits.

Active Web Application and SSL Audit Reporting

by Ron Gula
May 4, 2011

NessusWebScan

This matrix dashboard leverages scan results for Nessus web application audits. Several charts are used to distinctly represent web app scan results, web vulnerabilities, SSL certificate information and web services on common and uncommon ports.