Vulnerability Funalitics with vulners.com
Kir Ermakov, Skolkovo Cyberday, 2016
2
#:whoami
- vulners.com founder
- QIWI Group CTO/CISO
- Web penetration tester
- Member of “hall-of-fames” (Yandex, Mail.ru, Apple and so on)
3
Vulners Database
- Google-style search engine
- 595,000+ security advisories, exploits and CVEs
- 65 sources of content
- Security awareness subscriptions
- Linux audit API
4
CVE is not a vulnerability
- Suggested to be industry standard
- It’s just an identifier
- Nobody is forced to use it
- Usually ignored
[Chart: % of advisories without CVE references]
5
Reserved forever
- Dead CVEs
- Private vulnerabilities
- Mistakes
6
31337 CVE references
- CVE-2016-1000000
- CVE-2103-0989
- CVE-2014-123456
- CVE-2012-58626428
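Reference-hygiene check for the kind of "31337" identifiers shown on this slide. This is an added example, not code from the talk or from vulners.com. It scans advisory text for CVE-looking tokens and reports why each one is suspect: wrong syntax, a year outside the range the CVE program could have issued (1999 up to the year of the data set, assumed here to be 2016), or a sequence number so long that it is almost certainly a typo. The length limit (`MAX_SEQ_DIGITS`) is a plausibility heuristic, not a MITRE rule. Two of the slide's four examples are syntactically valid and only the year and length heuristics catch them; the sample advisory text is constructed.

```python
import re
from typing import Dict, List

# Strict CVE ID syntax (MITRE, post-2014 change): CVE-<4-digit year>-<4 or more digits>.
# IDs padded to four digits may start with 0 (CVE-2014-0001); longer sequences must not.
CVE_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")

# Looser pattern used only to pull candidate references out of free text.
SCAN_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)

FIRST_CVE_YEAR = 1999  # the CVE program started in 1999

# Heuristic (assumption, not a MITRE rule): no sequence number with eight or more
# digits has ever been issued, so such an ID is treated as a typo or joke value.
MAX_SEQ_DIGITS = 7


def check_cve_ref(ref: str, reference_year: int = 2016) -> List[str]:
    """Return a list of problems with one CVE reference; an empty list means plausible."""
    problems: List[str] = []
    m = CVE_RE.match(ref.strip().upper())
    if not m:
        return ["malformed: does not match CVE-YYYY-NNNN+"]
    year, seq = int(m.group(1)), m.group(2)
    if year < FIRST_CVE_YEAR:
        problems.append(f"year {year} predates the CVE program ({FIRST_CVE_YEAR})")
    elif year > reference_year:
        problems.append(f"year {year} is later than the reference year {reference_year}")
    if len(seq) > MAX_SEQ_DIGITS:
        problems.append(f"sequence number has {len(seq)} digits; implausibly large")
    if len(seq) > 4 and seq.startswith("0"):
        problems.append("sequence numbers longer than four digits must not have leading zeros")
    return problems


def audit_advisory(text: str, reference_year: int = 2016) -> Dict[str, List[str]]:
    """Extract every CVE-looking token from advisory text and check each one."""
    return {
        ref.upper(): check_cve_ref(ref, reference_year)
        for ref in SCAN_RE.findall(text)
    }


# Constructed sample advisory carrying the four references from the slide.
SAMPLE_ADVISORY = """
Security update for example-package (constructed sample, not a real advisory).
Fixes CVE-2016-1000000 and CVE-2014-123456. A previous bulletin mistakenly
cited CVE-2103-0989 and cve-2012-58626428; those references are withdrawn.
"""


def suspect_refs(text: str, reference_year: int = 2016) -> List[str]:
    """Names of the references in `text` that fail at least one check, sorted."""
    report = audit_advisory(text, reference_year)
    return sorted(ref for ref, problems in report.items() if problems)


if __name__ == "__main__":
    for ref, problems in audit_advisory(SAMPLE_ADVISORY).items():
        print(ref, "OK" if not problems else "; ".join(problems))
```

The checker deliberately stops at plausibility: whether a syntactically fine ID such as CVE-2014-123456 really exists can only be answered by looking it up in the CVE list, which is the step the slide says most advisory publishers skip.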
7
Nessus vs. OpenVAS
- All CVEs: 80196
- Nessus CVE links: 35032
- OpenVAS CVE links: 29240
8
Nessus vs. OpenVAS
[Chart: CVE coverage overlap between OpenVAS and Nessus; labels: 2673 OpenVAS, 6639 Nessus, 38207 OpenVAS, 50896 Nessus]
9
Vendor patch racing
[Chart: average “time to patch” in days]
10
Scanner racing: RedHat
11
Scanner racing: Debian
12
What about exploit DBs?
- Nobody really cares
- It’s really hard to find the one who marked the CVE
- Match hell
[Chart: % of exploits without CVE references]
13
Unique content. ORLY?
- Aggregation or plagiarism?
- Who was the origin?
- Roughly 41% are duplicates
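The "who was the origin?" question on this slide comes down to near-duplicate detection across sources that re-post the same write-up with a different banner, date or mirror URL. The block below is an added example, not the talk's or vulners.com's own code: it normalizes each entry (lowercase, strip URLs and dates, collapse punctuation), cuts it into word 5-shingles and reports pairs whose Jaccard similarity exceeds a threshold. The three entries, their source names and the threshold are constructed for the demonstration; the "origin" is then simply the earliest-dated member of each reported pair, which the example leaves to the caller.

```python
import re
from itertools import combinations
from typing import Dict, List, Set, Tuple


def normalize(text: str) -> str:
    """Strip the parts that differ between mirrors of the same post."""
    text = text.lower()
    text = re.sub(r"https?://\S+", " ", text)        # mirror URLs
    text = re.sub(r"\d{4}-\d{2}-\d{2}", " ", text)    # (re)post dates
    text = re.sub(r"[^a-z0-9\s]", " ", text)          # banner punctuation
    return re.sub(r"\s+", " ", text).strip()


def shingles(text: str, k: int = 5) -> Set[str]:
    """Set of overlapping k-word windows; short texts yield one shingle."""
    words = normalize(text).split()
    if not words:
        return set()
    if len(words) < k:
        return {" ".join(words)}
    return {" ".join(words[i:i + k]) for i in range(len(words) - k + 1)}


def jaccard(a: Set[str], b: Set[str]) -> float:
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def find_duplicates(entries: Dict[str, str], threshold: float = 0.5,
                    k: int = 5) -> List[Tuple[str, str, float]]:
    """Return (name_a, name_b, similarity) for every pair at or above threshold."""
    sh = {name: shingles(body, k) for name, body in entries.items()}
    hits = []
    for a, b in combinations(sorted(sh), 2):
        score = jaccard(sh[a], sh[b])
        if score >= threshold:
            hits.append((a, b, round(score, 2)))
    return hits


# Constructed sample entries (not real exploit-DB content). Entry B is entry A
# re-posted by a mirror with a different banner, date and URL; C is unrelated.
BODY = (
    "The login handler of Example App 1.2 builds a shell command from the "
    "username field without escaping it. A crafted username therefore makes "
    "the service run arbitrary commands with its own privileges. The vendor "
    "fixed the issue in version 1.3 by passing an argument vector instead of "
    "a shell string, and administrators are advised to upgrade. Monitoring "
    "for shell processes spawned by the application helps detect attempts."
)

SAMPLE_ENTRIES = {
    "source_a": "# Example App 1.2 - Command Execution\n# Date: 2015-03-01\n"
                "# Source: http://example.invalid/original\n" + BODY,
    "source_b": "Exploit Title: Example App 1.2 Command Execution\n"
                "Posted by mirror-bot on 2016-01-15, see http://mirror.invalid/b\n" + BODY,
    "source_c": "Example Router 4.0 exposes its configuration backup to "
                "unauthenticated users over HTTP. The backup contains credentials "
                "in clear text. Firmware 4.1 requires a session cookie for the "
                "download and the vendor recommends rotating all stored passwords.",
}


def duplicate_pairs(entries: Dict[str, str] = SAMPLE_ENTRIES) -> List[Tuple[str, str]]:
    """Just the names of the pairs judged to be duplicates."""
    return [(a, b) for a, b, _ in find_duplicates(entries)]


if __name__ == "__main__":
    for a, b, score in find_duplicates(SAMPLE_ENTRIES):
        print(f"{a} ~ {b}: {score}")
```

Word shingles tolerate the banner changes that defeat exact hashing, and the threshold trades recall for precision: lower it to catch lightly edited reposts, raise it when two distinct exploits for the same product share boilerplate.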
14
Exploit DBs
- Unique content they said
- Ultimate collection they said
- Matched to CVE they said
15
Thanks
- Analyze with us
- We are really trying to make this world better
- Stop paying for features that are available for free