Organizations have a need to be competitive and innovative to stay ahead of the industry. Technology can be used to help organizations facilitate a competitive edge. When fused with business processes, innovations in technology can also help partners of organizations to further their own success as well. In many cases, technology and processes shared among organizations occur over the Internet. In order to do business across the Internet, web services need to be available at least on one side of the partnership.
Web services can be simple or complex based on the needs of the organization. Business processes could require many interconnected web services across teams to accomplish a business objective. Complex web services may also involve many different technologies to support a process. As web services become more intricate, the risk of vulnerabilities increases.
When complex or outdated versions of web service technologies are accessible on the Internet, attackers may find these vulnerable web service platforms and exploit them. Analysts need to know about the web services operating within the organization. The Web Services Summary report available within Tenable SecurityCenter uses Tenable Nessus to detect vulnerable web services within the organization. Nessus is able to actively detect and report upon the findings within the network. Active scans performed with credentials can greatly increase the visibility of web service vulnerabilities on each host. Uncredentialed scans of the host may not reveal in-depth detail of each detected web service capability or all of the installed software.
Analysts using this report gain insight into vulnerabilities within well-known web service platforms from vendors such as Apache, IBM, Microsoft, and Oracle. The web service platforms referenced in this report typically have regular security updates that remediate critical and exploitable vulnerabilities. The report provides quick and accurate reference points for analysts to quickly see the impact of vulnerabilities on web services platforms across time.
This report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The report can be easily located in the SecurityCenter Feed under the category Threat Detection & Vulnerability Assessments. The report requirements are:
- SecurityCenter 5.4
- Nessus 6.8.1
Tenable SecurityCenter provides continuous network monitoring, vulnerability identification, and security monitoring. SecurityCenter is continuously updated with information about advanced threats and zero-day vulnerabilities, and new types of regulatory compliance configuration audit files. Tenable constantly analyzes information from our unique sensors, delivering continuous visibility and critical context, enabling decisive action that transforms your security program from reactive to proactive. Active scanning examines the web services on the systems, running processes and services, detection of vulnerable software applications, configuration settings, and additional vulnerabilities. With this information, analysts have greater insight to determine if supported and update to date web service platforms are operating within the organization. Tenable enables powerful, yet non-disruptive, continuous monitoring of the organization to ensure vulnerabilities are available to analysts.
This report contains the following chapters:
- Executive Summary: Organizations that offer services on the Internet need to be aware of the risks to the supporting web service platforms
- Web Services Vulnerability Status at a Glance: This chapter provides management with a brief overview of the most critical web services vulnerabilities detected with Tenable Nessus
- Web Services Detailed Vulnerability Details: This chapter assists analysts by displaying detailed information for common vendors that produce web services platforms