Vulnerability Management

Apache Tomcat Vulnerability (CVE-2019-0232)

Apache Tomcat is an open-source implementation of the Java Servlet, JavaServer Pages, Java Expression Language, and Java WebSocket technologies. The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License Version 2.

Authored by: Binayak Banerjee

Cyber Security Landscape for 2019

Will 2019 be better or worse than 2018? Traditional business structures will continue to be disrupted over the next two to five years. The digital age has created unprecedented opportunities to do business and deliver services using new technologies. Organizations are rapidly embracing social media, mobility and cloud computing technology and transforming their ICT operations. The fast advancement of these technologies is being driven by the economics of value and advantage created by this competitive change. While this opens up exciting new opportunities and improves efficiency, adopting such emerging technologies, increased network bandwidth, and interconnected devices also exposes businesses to a larger attack surface and the associated multiplicative risks of cyber-attacks.

How attackers exploit vulnerability associated with DNS to launch powerful attacks? Part 2

The DNS is quite robust, but it was designed for usability without considering security, which is why it often catches the attention of hackers. Over the past years, the world has witnessed a few powerful attacks targeting DNS. There are numerous DNS attacks, which are quite complex; most of them take advantage of the communication back and forth between clients and servers.
In the previous article, I discussed the attack that exploits the working of DNS servers. In this one, I am going to elaborate on the attack that targets the network layer.

How attackers exploit vulnerability associated with DNS to launch powerful attacks?

The Internet works much like the postal service: it, too, is based on addresses. When systems wish to communicate over the Internet, they need to know an address to which they can forward packets or from which packets/messages are coming. In the language of computers, these are known as Internet Protocol (IP) addresses.

15 Parameters to Evaluate a Vulnerability Management Tool

To deal with the current trends in information security and sophisticated cyber threats, we need the most efficient and best-suited vulnerability management solution for our infrastructure as well as our applications. As vulnerability management deals with people, process and technology, we need to choose each of them carefully. Technology is a very vast pillar, and we cannot afford multiple investments in it, so we need to be especially cautious when choosing it. One can take the following parameters into account while choosing a vulnerability management solution:
  1. Capability in dealing with Asset Inventory: Does the solution provide an asset inventory database? Is it feasible to extend the database schema to support additional fields, such as asset classification? If not, can the technology integrate with other asset management solutions/repositories?

Extending SAST tools to detect HARD-CODED PASSWORDS vulnerability

Sensitive information such as access credentials, passwords, and cryptographic keys should not be stored in the source code. Hard-coded passwords may compromise system security in a way that cannot be easily remedied.

Since so many systems are built using an n-tier model, managing automated authentication to back-end systems becomes a problem that needs a solution. For example, the application code might need to authenticate its connection to a back-end database upon which it relies. Many applications use a simple, hard-coded password in the application to ensure it will be able to connect properly. This is a bad idea for several reasons.

First, source code can generally be accessed by a large number of people at an organization, spanning adjacent development teams, QA and sometimes even operations staff. That means the hard-coded secret isn't actually secret at all.

QualysGuard asset tagging using Common Platform Enumeration (CPE)


Asset management is a systematic process of deploying, operating, maintaining, upgrading, and disposing of assets cost-effectively. Efficient asset management is highly essential for an effective vulnerability management solution.

The first step in a vulnerability scan is tracking hosts; hosts collected into groups are considered asset groups. When scanning a group of hosts, we define the scope in terms of asset groups. That is why it is also said that asset management and scanning complement each other. Asset grouping is also important because a complete inventory of assets provides insight into their metadata, which helps the organization analyze scan results more comprehensively from a security point of view.

What is CPE?

Business logic vulnerabilities and some common scenarios of business logic flaws

Web applications have become the core mechanism for business processes over the Internet. As more and more businesses migrate to the Internet model, this has led to various information security issues and vulnerabilities: SQL Injection, Cross Site Scripting, and Remote Code Execution, to name a few. However, apart from the conventional vulnerabilities, there are many forms of business logic vulnerabilities commonly exploited by attackers. These vulnerabilities are routinely overlooked during QA because the process is intended to test what a piece of code is supposed to do and not what it can be made to do. The other problem with business logic flaws is that scanners can’t identify them, IDS can’t detect them, and Web application firewalls can’t defend against them.

Approach to an efficient Vulnerability Management Program

Operational challenges are always associated with a vulnerability management program. However, to tackle the new trend of complexity in IT infrastructure, security professionals are putting immense effort into transforming vulnerability management into an effective risk reduction solution. Tuning it to full efficacy can be highly significant and provide a great return on investment if implemented carefully and adjusted regularly. Organizations need to modify the traditional pattern and adopt the required modern approach to vulnerability management. The following approaches will lead to the best solution.

5W-2H Approach for Information Security

5W-2H is a classical management tool usually used for process improvement, which helps in analyzing the problem/process in a holistic manner to suggest possible solutions. This approach brings in a 360-degree perspective, which doesn’t stop with the implementation of a single or pointed solution but is more of a continuous improvement concept. Let’s apply this concept to information security, where improved processes lead to enhanced governance, with the technological aspects inevitably falling in line.

Consider the situation of Enterprise Vulnerability Management (EVM) being implemented in an organization, and let’s see how the 5W-2H tool enables us to connect the dots and formulate a plan of action.

