Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Web Development Tools Vulnerabilities

by Andrew Freeborn
August 8, 2016

Web Development Tools Vulnerabilities report

Organizations have varying levels of web “presence” depending on the need of the business. An organization may have a small website with one person managing the content on the website. Another organization may have a dynamic, rich, and extensive web presence across multiple mediums requiring multiple teams across the world to maintain. Regardless of where an organization lands between those ends of web development, they all need tools to do the work. Like any piece of software, eventually there will be vulnerabilities discovered within the web development tools that will need to be addressed.

The best method to discover vulnerabilities is to perform active and passive scanning with Tenable SecurityCenter Continuous View (CV). When using both methods to collect vulnerability data, analysts using SecurityCenter CV can find vulnerabilities associated with web development tools much faster. With this information, the appropriate remediation actions can be taken for the best path forward. Depending on the situation, older web development tools may be needed to support legacy web applications and content platforms. This report allows analysts to properly assess the risk to the organization with the discovered web development tools.

Web developers use a variety of tools such as Microsoft Visual Studio, Adobe Dreamweaver, and more. As these tools can be installed across multiple platforms, Tenable Nessus and Tenable Passive Vulnerability Scanner (PVS) detect and identify these tools. Analysts will see vulnerabilities associated with these tools that may require coordination with the developers to remediate when possible. This report also provides analysts with a snapshot of these vulnerabilities over time as well as by vendor.

Analysts can see detailed information of vulnerabilities such as whether or not the vulnerability is exploitable. An exploitable vulnerability, even just a handful across the organization, can leave the organization open to attack. In some cases, developers grab code from the internet to fix an issue or test out a new feature. If the developers are provided with a custom piece of code from the internet, the code could be malicious in nature and rely upon an older version of a web development tool. With this malicious code running on an outdated version of the tool, an attacker could gain a foothold within the organization. Remediating the vulnerability or mitigating the risk of the vulnerable tool can help an organization stay secure.

This report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The report can be easily located in the SecurityCenter Feed under the category Discovery & Detection. The report requirements are:

  • SecurityCenter 5.4
  • Nessus 6.7
  • PVS 5.1

Tenable SecurityCenter Continuous View (CV) provides continuous network monitoring, vulnerability identification, and security monitoring. SecurityCenter CV is continuously updated with information about advanced threats and zero-day vulnerabilities, and new types of regulatory compliance configuration audit files. Tenable constantly analyzes information from our unique sensors, delivering continuous visibility and critical context, enabling decisive action that transforms your security program from reactive to proactive. Active scanning examines the devices on the systems, running processes and services, detection of vulnerable software development applications, configuration settings, and additional vulnerabilities. With this information, analysts have greater insight to determine if supported software and systems are operating within the organization. Continually scanning the network with passive sensors for servers, desktops, and applications helps prioritize security efforts to mitigate threats and weaknesses. Organizations continue to operate with more mobile and transient network devices and need to have a system in place that continuously monitors traffic, devices, applications, and communications across environments. Tenable enables powerful, yet non-disruptive, continuous monitoring of the organization to ensure vulnerabilities are available to analysts.

This report contains the following chapters:

  • Executive Summary: This chapter provides an overview of web development tools vulnerabilities. Management and analysts can use this chapter to view a quick overview of the vulnerabilities in the environment related to web development tools. This chapter provides different views of the vulnerabilities to quickly assert the impact of the vulnerabilities on the network.
  • Web Development Tools Vulnerabilities Vendor Summary: This chapter provides an overview by vendor of web development tools vulnerabilities. Developers may use multiple tools to perform their necessary work for web development. The tools may come from multiple vendors depending on the needs of the organization and the work necessary to produce web content. This chapter provides a snapshot of vulnerabilities from vendors such as Adobe, Apache, and Microsoft. Analysts can alter this chapter to modify the vendors represented to better reflect the vendors of web development tools used in the organization.
  • Web Development Tools Vulnerabilities over time: This chapter provides analysts an overview across time of vulnerabilities with web development tools. With this information, analysts can quickly see vulnerabilities across all web development tools over different time frames. The information can be valuable to help guide vulnerability remediation efforts to remediate or mitigate the risk of the vulnerabilities.
  • Top 25 Web Development Tools Vulnerabilities: This chapter provides an overview of the top 25 vulnerabilities detected for web development tools. With this information, analysts can quickly see vulnerabilities across all web development tools by the highest vulnerability severity. The information can be valuable to help guide vulnerability remediation efforts to remediate or mitigate the risk of the highest severity vulnerabilities.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training