Why vulners? Short story about reinventing a wheel
Download as PPTX, PDF1 like952 views
- Vulners.com is a vulnerability database and search engine founded by Kirill Ermakov, a security specialist, to provide a centralized, standardized, and free source for vulnerability information (paragraphs 2, 8, 21). - Existing vulnerability databases and standards had failed to adequately aggregate and standardize vulnerability data from the many different sources in a usable way for security tools and analysts (paragraph 7). - Vulners.com aggregates data from over 40 sources, standardizes it into a unified data model, and provides an API and fast search interface to make the data readily accessible and integratable for purposes like security scanning and analysis (paragraphs 8-13, 19-20).
![16
Example: API
- GET/POST REST API with JSON output
- Search
- https://vulners.com/api/v3/search/lucene/?query=type:cent
os%20cvss.score:[8%20TO%2010]%20order:published
- Information
- https://vulners.com/api/v3/search/id?id=CESA-
2016:1237&references=true
- Export
- https://vulners.com/api/v3/archive/collection?type=exploitd
b](https://image.slidesharecdn.com/whyvulenrs-160722095209/85/Why-vulners-Short-story-about-reinventing-a-wheel-16-320.jpg)
Why vulners? Short story about reinventing a wheel
- 1. Why vulners? Short story about reinventing a wheel Kirill Ermakov, RISSPA, 2016
- 2. 2 #:whoami - vulners.com founder - QIWI Group CTO - Web penetration tester - Member of “hall-of-fames” (Yandex, Mail.ru, Apple and so on) - JBFC community participant
- 3. 3 Vulnerable - Vulnerability - weakness which allows an attacker to reduce a system's information assurance (Wiki) - Some kind of information that represents security issues - Format-free description of function f(object, conditions) returning True/False
- 4. 4 Captain Obvious: Risks - Information systems takeover - Revocation of the licenses - Business continuity - Money loss - …and a lot of other bad things
- 5. 5 Vulnerability management process - Mandatory component of information security - Need2be for a security-aware companies - Necessary to perform in accordance with the PCIDSS and others - Best practice for survival in the Internet
- 7. 7 Content sources fail - Born in 90’s - Every product has it’s own source of vulnerability data - Most information is not acceptable for automatic vulnerability scanners - MITRE, NVD, SCAP, OVAL and others failed to standardize it - Everyone is working on their own - “Search”? Forget about it. Use Google instead.
- 8. 8 vulners.com: Information security “Google” - Vulnerability source data aggregator - Created by security specialists for security specialists - Incredibly fast search engine - Normalized, machine-readable content - Audit features out-of-the-box - API-driven development - Absolutely free
- 9. 9 Content - Vendor security advisories (CentOS, RedHat, Cisco, etc) - Exploit databases (ExploitDB, 0dayToday, Vulnerability Lab) - Security scanners plugins and modules (Metasploit, Nessus) - Bug bounty programs (Hacker One, XSSed, Openbugbounty) - Informational resources (Threatpost, Hacker forums) - 0 days from security scanners (Appercut, HackApp) - … 40+ different sources and growing
- 10. 10 Normalization. We did it! - All data has unified model - Perfect for integration - Security scanners ready - Automatic updateable content - Analytics welcome
- 11. 11 Coverage? One of the largest security DB’s
- 12. 12 Search - Google-style search string - Dorks, advanced queries and many more - UX-driven - Human-oriented - References and data linkage - Extremely fast
- 13. 13 API - REST/JSON - Integration focused scan features - Audit calls for self-made security scanners - Easy expandable - Content sharing features
- 15. 15 Example: advanced queries - Any complex query - title:httpd type:centos order:published last 15 days - Sortable by any field of the model (type, CVSS, dates, reporter, etc) - Apache Lucene syntax (AND, OR and so on) - Exploit search by sources and CVE’s - cvelist:CVE-2014-0160 type:exploitdb - sourceData:.bash_profile - sourceData:"magic bytes”
- 16. 16 Example: API - GET/POST REST API with JSON output - Search - https://vulners.com/api/v3/search/lucene/?query=type:cent os%20cvss.score:[8%20TO%2010]%20order:published - Information - https://vulners.com/api/v3/search/id?id=CESA- 2016:1237&references=true - Export - https://vulners.com/api/v3/archive/collection?type=exploitd b
- 17. 17 Example: RSS - Fully customizable news feed in RSS format - Powered by lucene query - https://vulners.com/rss.xml?query=type:debian - Updates-on-demand. No cache, it builds right when you ask it to. - Atom, Webfeeds, mrss compatible
- 18. 18 Example: Telegram news bot - Up to 3 subscriptions for user - In-app search - Broadcast for emergency news
- 19. 19 Example: Security audit - Easy to use: Just give us output of package manager - https://vulners.com/api/v3/audit/rpm/?os=centos&version= 5&package=php-4.6.17-1.el5.remi-x86_64 - JSON result - Vulnerabilities list - Reason of the decision - References list (exploits, and so on) - Ready to go for Red Hat family, beta-testing for Debian family - Typical call time for 500+ packages list = 160ms - It’s fast. Really fast.
- 21. 21 It is absolutely free - Free for commercial and enterprise use DB and API - Make your own solutions using our powers: - Security scanners - Threat intelligence - Subscriptions - Security automation - Just please, post references if you can
- 22. 22 Thanks - isox@vulners.com - We are really trying to make this world better - Stop paying for features, that are available for free