This week's topic is to discuss websites which have information for threats, vulnerabilities, updates, and security news in general. There are multiple web sites out there that security professionals must be aware of and should monitor on a regular basis either manually or via an automated method. Two of the most popular websites that provides essential information on security threats are pastebin.com and leakedin.com. Both of these sites provide information on leaks of data as well as exploits. Another valuable aspect of these sites is the ability to script retrieval of the information on these sites to facilitate extracting information more efficiently. This websites are so valuable because they are the sites that attackers post their exploits and the information they've stolen regarding customers.
When it comes to finding information on vulnerabilities there are numerous reputable sites for getting information. The US-Cert site http://www.us-cert.gov/ncas/current-activity is an excellent source for information on current vulnerabilities in common applications. Since this site is a government organization it is extremely reliable. http://www.eeye.com/resources/security-center/research/zero-day-tracker is another useful site for security vulnerabilities. This web site keeps track of zero day vulnerabilities and provides information on the effects of the vulnerabilities. This information comes from a reputable organization so it should be trusted.
Virustotal.com is one of my favorite web sites for keeping an eye on websites that have vulnerabilities. This site allows users to submit files and URLs for security scanning. One of the best aspects of this site is the api. Their api allows you to submit automated scan requests and to then retrieve the scan report.
Each of these websites listed above should be a part of the security professional's arsenal in protecting their network from intruders.
No comments:
Post a Comment