Vulnerability Database

Mentor: Munawar Hafiz Mentee: Chris Aavang. Vulnerability Database. Abstract. What is a vulnerability? A vulnerability is a bug, fault, programming error, or defect which compromises the security of an application or system. What is a CVE?

pegeen

Presentation Transcript


  1. Mentor: Munawar Hafiz Mentee: Chris Aavang Vulnerability Database

  2. Abstract • What is a vulnerability? • A vulnerability is a bug, fault, programming error, or defect which compromises the security of an application or system. • What is a CVE? • Common Vulnerability Enumeration or Common Vulnerability/Exposure • Standard for defining common vulnerabilities.

  3. Vulnerability Databases • There are many vulnerability databases: • Security Focus (securityfocus.com) • Bugtraq and Vulnerability Database • CVE (cve.mitre.org) • Maintains CVE system • US-CERT (us-cert.gov) • NVD (nvd.nist.gov) • A few more, but we are not interested in them at the moment

  4. Work So Far • Build a good foundation • What sources should we use? • Security Focus? • US-CERT? • Tools to gather information • Simple program to parse SF entries • Create schemata for data • Gather a small amount of test data

  5. Short Term Goals • Collect a small amount of data (1-2 weeks) from Security Focus's vulnerability database. • Gather contact information on the people who submitted the vulnerability • Gather information about available exploits and patches

  6. Long Term Goals • Contact developers and vulnerability submitters with a questionnaire • Submitters • What tools were used to find vulnerability? • Did this vulnerability lead to discovering other vulnerabilities? • What was the process of submitting the vulnerabilities? • Developers • Was there a patch? What versions of the software were patched? • How was the patch created?
