The Federal System’s Need for a Security Assessment Process: Part 1

Federal agencies, due to Federal Information Security Management Act (FISMA) requirements, are obligated to assess the effectiveness of their systems, as well as the security controls that are in place as part of the certification and accreditation (C&A) process before operations can be approved.

(MS09-062) GDI+ .Net PropertyItem Heap Overflow Vulnerability (957488)

Key New Features in SAINT 7.10

- SAINT Professional is now available on Mac OS X Lion (10.7).
- You can now fingerprint iPhones and iPads connected to your network. SAINT includes OS fingerprinting during network discovery and/or vulnerability scanning.
- New OWASP Top 10 Web Application scanning policy, including 12 new web application checks.
- DoD IAVA (Department of Defense Information Assurance Vulnerability Alert) scanning policy and report template added (requires IAVA plugin).
- A new OS Password Guess policy has been added, including:
  - all SAINT password-guessing features (excluding password configuration policies) designed to guess the operating system password
  - checks for default FTP passwords
  - the capability to provide dictionary-based password guessing for operating systems (Windows, *nix), including Cisco and other devices, that have Telnet, SSH or FTP
  These checks do not include password guessing for databases or Web Auth.
- Enhanced content scanning probe now includes performance enhancements as well as assessments on numerous file formats for Linux and UNIX OSs, in addition to Windows.
- Live hosts that were identified during network discovery can now be displayed within the GUI. A report can also be generated from this discovery file.
- Enhancements have been made to the backup & restore functionality to include credentials, custom logos, and additional configuration data.
- New menu-driven launcher application allows starting SAINTmanager, SAINT nodes, and SAINT web listeners from the desktop menu without command-line knowledge.
- New SAINTmanager RPM and DEB packages for easier SAINTmanager installation on Linux.

SAINT 7.9 Product Release

Key New Features in SAINT 7.9 Vulnerability Scanner
- Microsoft Patch Tuesday scan policy - This scan policy checks for the latest published Microsoft Patch Tuesday vulnerabilities (2nd Tuesday of each month).
- New Vulnerability Check Type Coverage now includes - Blind SQL injection

Introducing SAINT for Mac OS X

Vulnerability Scanning - Assess any target with an IPv4 address, IPv6 address, or URL, using pre-defined policies for PCI, HIPAA, FISMA, and more. Identify CVE, OSVDB, IAVA, OVAL, and more.
Penetration Testing - Exploit vulnerabilities to gain remote access. Run social engineering, phishing assessments, and more with the exploit tools suite.

Creating a Comprehensive Vulnerability Assessment Program for a Large Company Using QualysGuard

Vulnerability assessment, according to wikipedia.org, is the process of identifying and quantifying vulnerabilities in a system. Vulnerability assessment can be applied to many different types of systems, such as a home security alarm, the protection of a nuclear power plant or a military outpost. Note that vulnerability assessment is different from risk assessment, even though the two share some commonalities. Vulnerability assessment concerns itself with the identification of vulnerabilities, the possibilities of reducing those vulnerabilities and improving the capacity to manage future incidents. This paper will focus primarily on vulnerability assessment as it pertains to information technology infrastructure and how utilizing QualysGuard can ease the burden on your technology staff.