Category Metrics

Security-Database now mapping alerts with CWE/SANS Top 25

The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most significant programming errors that can lead to serious software vulnerabilities. They occur frequently, are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.

Read More

Security-Database integrates CAPEC v1.5

Common Attack Pattern Enumeration and Classification (CAPEC) provides a a publicly available catalog of attack patterns along with a comprehensive schema and classification taxonomy. The CAPEC assists in enhancing security throughout the software development lifecycle, and to support the needs of developers, testers and educators

Read More

CWE/SANS Top 25 list updated to v1.0.3

The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most significant programming errors that can lead to serious software vulnerabilities. They occur frequently, are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at al

Read More

Seccubus v1.4.1 released

Seccubus automates regular vulnerability scans with Nessus and OpenVAS and provides delta reporting.

Read More

Security-Database Vulnerability Dashboard updates

Security-Database IT Vulnerability & Threats Dashboard allows readers and others security professionals to visualize in a granular manner the evolution of the attacks and the vulnerabilities list for each products. We use the worldwide references as well as CVE, CVSS, OVAL and CWE which guaranty a trusty and real information that comply to the standards.

Read More

AutoNessus v1.3.2 released

AutoNessus automates regular Nessus scans and provides delta reporting.
The goal is to reduce the analysis time for subsequent scans of the same infrastructure by only reporting delta findings.

Read More

CWE/SANS Top 25 Most Dangerous Programming Errors

The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most significant programming errors that can lead to serious software vulnerabilities. They occur frequently, are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.

Read More

CVSS V2.0 Web based calculator released

CVSS stands for Common vulnerability Scoring System. It helps to score vulnerabilities severity and determine urgency of response and patch management. For more advanced information about CVSS Scoring metrics, please refer to http://www.first.org/cvss/.

Read More

CCWAPSS Methodology updated to v1.1

CCWAPSS (Common Criteria Web Application Security Scoring ) is a comprehensive security scoring methodolody dedicated to web application pentests.

This scale aims to sharing a common, open and documented evaluation
methodology between security auditors and the end-customers.

Read More

Focus on CCWAPSS Web Application Scoring Scale Version 1.0

A friend of mine Frederic Charpentier (senior security consultant) developed a good new web application scoring scale called CCWAPSS. CCWAPSS stands for Common Criteria Web Application Security and it aims to share a common evaluation method for web application security assessments/pentests between security auditors and final customers.

Read More

CVSS (Common Vulnerability Scoring System ) Version 2.0 released

The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. CVSS consists of 3 groups: Base, Temporal and Environmental.

Read More