Andrew Freeborn

Vulnerabilities discovered within software can be the result of insecure coding practices used during the development process. When a vulnerability exists as a result of a design decision by an operating system vendor, these problems can put organizations at a greater risk on a larger scale. This report can assist analysts by quickly identifying instances where services on Microsoft Windows are running without unquoted file paths.

PCI DSS helps entities understand and implement standards for security policies, technologies, and ongoing processes that protect payment systems from breaches and theft of cardholder data. Any organization that handles payment card information must adhere to the PCI DSS and must demonstrate compliance annually. The PCI Vulnerability Management Program dashboard can assist organizations in assessing their level of adherence with the PCI DSS requirements for vulnerability management.

PCI DSS helps entities understand and implement standards for security policies, technologies, and ongoing processes that protect payment systems from breaches and theft of cardholder data. Any organization that handles payment card information must adhere to the PCI DSS and must demonstrate compliance annually. The PCI Quarterly Internal Vulnerability Scanning dashboard presents extensive data about the vulnerability status of the cardholder data environment based on the available data.

Web browsers are a major piece of software in most organizations. As a result of the popularity and versatility of web browsers and their use in an organization, web browsers are a major target for attack. Analysts can use this report to identify vulnerable web browsers in an organization and the associated vulnerabilities with each web browser.

Organizations are offering more services and products with web interfaces to better enable workflows in the environment. As more web services come online, unintentional information disclosures and abilities may inadvertently be enabled. This report assists analysts by displaying HTTP headers, options, certificate lifetimes and associated vulnerabilities for risk mitigation or remediation.