Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast Episode 187 - "Exposing Web Application Vulnerabilities"

Welcome to the Tenable Network Security Podcast Episode 187

Announcements

Note: Passive Vulnerability Scanner (PVS) is now Nessus Network Monitor. To learn more about this application and its latest capabilities, visit the Nessus Network Monitor web page.

Discussion & Highlighted Plugins

  • Digging For Gold: Finding Vulnerable Web Applications - The Passive Vulnerability Scanner has many strengths, one of which is its ability to pick out vulnerable web applications in your environment. Over the years working for several different organizations, this has been a re-occurring problem. Specifically, when you work for an organization large enough to have folks deploying their own applications (and it doesn't have to be that large of an organization to have this problem). Web applications help solve a problem, whether it be a blog for corporate communications or a photo gallery for a student group. It's too easy to choose the wrong application, or install an application today that introduces a serious vulnerability down the road. While you can scan using traditional network-based scanning, asking your administrators to keep tabs on installed applications or manually audit your web servers, you will undoubtedly miss something. For systems administrators, this can be a tough task because a web application can be represented by a collection of downloaded files, not part of the operating system package management system. By listening to the network traffic, applications and their vulnerabilities can be easily spotted.
  • Top Problems: Patches, Virtualization/Cloud, and Mobile/BYOD - Jack Daniel and I presented 3 webcasts in a 4-part series called "Vulnerabilities Exposed". We highlighted several problem areas for organizations. First, we covered the patch problem – how organizations still struggle to keep things patched and how you can reduce your patch cycle. Then, we took on virtualization and cloud. These two technologies are in large part responsible for changing the face of IT as we know it, and altering your security strategies forever. We now have a much greater attack surface and more applications outside of our control than ever before. Recently, we took a look at the mobile and BYOD problem. Not just limited to smartphones and tablets, today's workforce has more technology available to them than ever before. Using Tenable products we outlined techniques to stay ahead of this problem. Finally, on November 12th, Jack, Renaud Deraison, and I will talk about how to take all of the information our products collected on these vulnerabilities and threats and distill them down for management.

Nessus

Passive Vulnerability Scanner

SecurityCenter Apps

Security News Stories

  1. Tenable Network Security Expands EMEA Team
  2. SAI Global Deploys Tenable Network Security to Combat Security Vulnerabilities and Compliance
  3. Doctors disabled wireless in Dick Cheney's pacemaker to thwart hacking
  4. Ten Physical Security Tips for Mobile Devices | Cyveillance Blog - The Cyber Intelligence Blog
  5. Capturing The Flag, SQLi-Style | Dark Reading
  6. Researchers uncover holes that open power stations to hacking | Ars Technica
  7. From China, With Love | /dev/ttyS0

 

 

Related Posts

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security