vulnerabilities
play

vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, - PDF document

Feb 04, 2024 •107 likes •197 views

Security & Knowledge Management a.a. 2019/20 There are a set of sources that provide updated information about security vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration CAPEC,

  1. Security & Knowledge Management – a.a. 2019/20  There are a set of sources that provide updated information about security vulnerabilities  CVE, Common Vulnerabilities and Exposures  CWE, Common Weakness Enumeration  CAPEC, Common Attack Pattern Enumeration and Classification  ... 1

  2. Security & Knowledge Management – a.a. 2019/20  CVE is a list of entries — each containing an identification number, a description, and at least one public reference — for publicly known cybersecurity vulnerabilities .  CVE Entries are used in numerous cybersecurity products and services from around the world, including the U.S. National Vulnerability Database (NVD). 2

  3. Security & Knowledge Management – a.a. 2019/20  CWE is a community-developed list of common software security weaknesses. It serves as a common language, a measuring stick for software security tools, and as a baseline for weakness identification, mitigation, and prevention efforts. 3

  4. Security & Knowledge Management – a.a. 2019/20 4

  5. Security & Knowledge Management – a.a. 2019/20  CAPEC helps by providing a comprehensive dictionary of known patterns of attack employed by adversaries to exploit known weaknesses in cyber-enabled capabilities.  Understanding how the adversary operates is essential to effective cyber security.  It can be used by analysts, developers, testers, and educators to advance community understanding and enhance defenses. 5

  6. Security & Knowledge Management – a.a. 2019/20  Collects and classifies the CVE vulnerabilities  CVEs are related with CWEs and with the products (CPE)  Metrics are defined to measure the vulnerability dangerousness,  each vulnerability is classified in different aspects, see CVSS calculators  https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator  provides machine readable JSON data of vulnerabilities description 6

  7. Security & Knowledge Management – a.a. 2019/20 www.cvedetails.com provides an easy to use web interface to CVE  vulnerability data. You can browse for vendors, products and versions and view cve entries, vulnerabilities, related to them. You can view statistics about vendors, products and versions of products  CVE vulnerability data are taken from National Vulnerability Database (NVD) xml feeds provided by NIST. Additional data from several sources like exploits from www.exploit-  db.com, vendor statements and additional vendor supplied data, Metasploit modules are also published in addition to NVD CVE data. Vulnerabilities are classified by cvedetails.com using keyword matching  and cwe numbers if possible, but they are mostly based on keywords.  Unless otherwise stated CVSS scores listed on this site are "CVSS Base Scores" provided in NVD feeds. Vulnerability data are updated daily using NVD feeds. 7

  8. Security & Knowledge Management – a.a. 2019/20  Which are the security measures to be taken when handling payments?  credit cards information are a very sensitive personal data  There are some guidelines to be followed  For example on OWASP  https://www.owasp.org/images/f/f7/Security_of_P ayment_cards.doc  https://cheatsheetseries.owasp.org/cheatsheets/T ransaction_Authorization_Cheat_Sheet.html 8

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2

NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2

1 NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2 Memory safety attacks Buffer overruns Format string vulnerabilities Web application vulnerabilities SQL injections Cross-site

901 views • 39 slides
Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different

Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different

Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different operating systems Different vendors Client and server systems Vendors try to correct Attackers try to exploit Security professionals must

620 views • 11 slides
Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities

Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities

Rome, May 31, 2011 Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities > analysis of 5 years of field data Jonathan Pollet, CISSP , CAP , PCIP Red Tiger Security [on behalf of the DHS CSSP

413 views • 20 slides
HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel

HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel

HOWTO Basic Vulnerabilities and their Exploitation Samuel Angebault HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel Angebault staphylo@lse.epita.fr http://lse.epita.fr/ July 18, 2013 Table

969 views • 57 slides
TRENDS IN WEB VULNERABILITIES MICHEL CHAMBERLAND Introduction Agenda Introduction

TRENDS IN WEB VULNERABILITIES MICHEL CHAMBERLAND Introduction Agenda Introduction

TRENDS IN WEB VULNERABILITIES MICHEL CHAMBERLAND Introduction Agenda Introduction Session Goals Presenter and Trustwave SpiderLabs background Analysis Overview Data Source Most frequently found SEVERE vulnerabilities

907 views • 62 slides
The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security

The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security

CS 640: Introduction to Computer Networks Aditya Akella Lecture 25 Network Security The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security Vulnerabilities Security Problems in the TCP/IP Protocol

1.29k views • 13 slides
SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities

SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities

SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities Yuan Xiao, Yinqian Zhang, Radu Teodorescu The Ohio State University SPEculative Execution side Channel Hardware (SPEECH) Vulnerabilities Leverage

512 views • 24 slides
The Beauty and the Beast Vulnerabilities in Red Hats Packages Stephan Neuhaus

The Beauty and the Beast Vulnerabilities in Red Hats Packages Stephan Neuhaus

The Beauty and the Beast Vulnerabilities in Red Hats Packages Stephan Neuhaus <Stephan.Neuhaus@disi.unitn.it> Thomas Zimmermann <tzimmer@microsoft.com> Vulnerabilities are important because fixing them costs a lot of money (2005

1.9k views • 73 slides
Root Canal A new class of SS7 vulnerabilities Agenda SS7 Vulnerable by design

Root Canal A new class of SS7 vulnerabilities Agenda SS7 Vulnerable by design

Outstanding Communications Solutions Root Canal A new class of SS7 vulnerabilities Agenda SS7 Vulnerable by design Acknowledged signalling vulnerabilities The root problem Mitigation The signaling band-aid A new class

787 views • 54 slides
Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State

Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State

Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security * some slides adapted from those by Trent Jaeger Overflow Vulnerabilities Despite

901 views • 46 slides
Buffer Overflow overflows Defenses and other memory safety vulnerabilities Buffer overflow

Buffer Overflow overflows Defenses and other memory safety vulnerabilities Buffer overflow

Last time We finished up By looking at Buffer Overflow overflows Defenses and other memory safety vulnerabilities Buffer overflow defenses (and workarounds) Format string vulnerabilities Integer overflow vulnerabilities This time

1.29k views • 80 slides
Vulnerabilities in C/C++ programs Part I TDDC90 Software Security Ulf Kargn Department

Vulnerabilities in C/C++ programs Part I TDDC90 Software Security Ulf Kargn Department

Vulnerabilities in C/C++ programs Part I TDDC90 Software Security Ulf Kargn Department of Computer and Information Science (IDA) Division for Database and Information Techniques (ADIT) Vulnerabilities in C-based languages

633 views • 59 slides
Database Security Threats and Vulnerabilities John Bissonette Aaron McClure Introduction

Database Security Threats and Vulnerabilities John Bissonette Aaron McClure Introduction

Database Security Threats and Vulnerabilities John Bissonette Aaron McClure Introduction Databases are the crown jewels of a business or organization Security is paramount Vulnerabilities grant attackers keys to the

600 views • 14 slides
Dependence in IV-related bytes of RC4 key enhances vulnerabilities in WPA Sourav Sen Gupta 1

Dependence in IV-related bytes of RC4 key enhances vulnerabilities in WPA Sourav Sen Gupta 1

Dependence in IV-related bytes of RC4 key enhances vulnerabilities in WPA Dependence in IV-related bytes of RC4 key enhances vulnerabilities in WPA Sourav Sen Gupta 1 Subhamoy Maitra 1 Willi Meier 2 Goutam Paul 1 Santanu Sarkar 3 Indian

749 views • 30 slides
Outline Vulnerabilities in OS interaction Low-level view of memory CSci 5271 Introduction to

Outline Vulnerabilities in OS interaction Low-level view of memory CSci 5271 Introduction to

Outline Vulnerabilities in OS interaction Low-level view of memory CSci 5271 Introduction to Computer Security Intermission: gdb demo Day 3: Low-level vulnerabilities Basic memory-safety problems Stephen McCamant Where overflows come from

401 views • 8 slides
Outline Vulnerabilities in OS interaction Low-level view of memory CSci 5271 Introduction to

Outline Vulnerabilities in OS interaction Low-level view of memory CSci 5271 Introduction to

Outline Vulnerabilities in OS interaction Low-level view of memory CSci 5271 Introduction to Computer Security Logistics announcements Day 3: Low-level vulnerabilities Basic memory-safety problems Stephen McCamant Where overflows come from

521 views • 9 slides
1 2 3 SMAC: social media analytics cloud; Texty, can we list these in bullets? Alternatively,

1 2 3 SMAC: social media analytics cloud; Texty, can we list these in bullets? Alternatively,

1 2 3 SMAC: social media analytics cloud; Texty, can we list these in bullets? Alternatively, you can bold and highlight certain words making them bigger so that it appears as a story summary but also looks like a wordle. Provided an example.

405 views • 22 slides
CSC 5290: Cyber Security Practice Term Projects Fengwei Zhang Wayne State University CSC 5290

CSC 5290: Cyber Security Practice Term Projects Fengwei Zhang Wayne State University CSC 5290

CSC 5290: Cyber Security Practice Term Projects Fengwei Zhang Wayne State University CSC 5290 Cyber Security Practice 1 General Information A research project with 1-2 individuals Building a new system Improving an existing

104 views • 9 slides
Bivariate Truncated Moment Problems with Algebraic Variety in the Nonnegative Quadrant in R 2

Bivariate Truncated Moment Problems with Algebraic Variety in the Nonnegative Quadrant in R 2

Bivariate Truncated Moment Problems with Algebraic Variety in the Nonnegative Quadrant in R 2 (joint work with Sang Hoon Lee and Jasang Yoon) Ra ul E. Curto, University of Iowa IWOTA 2019; Lisbon, Portugal Truncated Moment Problems , July 25,

702 views • 43 slides
MUonE: how can lattice contribute? Marina Krsti Marinkovi Trinity College Dublin in collab.

MUonE: how can lattice contribute? Marina Krsti Marinkovi Trinity College Dublin in collab.

MUonE: how can lattice contribute? Marina Krsti Marinkovi Trinity College Dublin in collab. w. N. Cardoso (IST, Lisbon) and Second Plenary Workshop of the Muon g-2 Theory Initiative

270 views • 25 slides
CSC 4992: Cyber Security Practice Team Projects Fengwei Zhang Wayne State University CSC 4992

CSC 4992: Cyber Security Practice Team Projects Fengwei Zhang Wayne State University CSC 4992

CSC 4992: Cyber Security Practice Team Projects Fengwei Zhang Wayne State University CSC 4992 Cyber Security Practice 1 General Information A research project with 3-5 individuals Building a new system Improving an existing

405 views • 9 slides
Haskell Literacy in Six Slides Greg Price ( price ) 2008 Jan 29 Greg Price ( price ) () Haskell

Haskell Literacy in Six Slides Greg Price ( price ) 2008 Jan 29 Greg Price ( price ) () Haskell

Haskell Literacy in Six Slides Greg Price ( price ) 2008 Jan 29 Greg Price ( price ) () Haskell Literacy in Six Slides 2008 Jan 29 1 / 13 Haskell Literacy in Six Slides: Running log into Athena (e.g., SIPBs dialup: ssh linux.mit.edu ) add

277 views • 7 slides
Where to Begin FE ATU R E E N G IN E E R IN G W ITH P YSPAR K John Hog u e Lead Data Scientist

Where to Begin FE ATU R E E N G IN E E R IN G W ITH P YSPAR K John Hog u e Lead Data Scientist

Where to Begin FE ATU R E E N G IN E E R IN G W ITH P YSPAR K John Hog u e Lead Data Scientist , General Mills Di v ing Straight to Anal y sis Here be Monsters Become y o u r o w n e x pert De ne goals of anal y sis Research y o u r data Be

644 views • 26 slides
Tribulations of the in this presentation. Affordable Care Act Debbie Albert, PhD, BSN, IBCLC

Tribulations of the in this presentation. Affordable Care Act Debbie Albert, PhD, BSN, IBCLC

10/4/2015 Trials and I have no commercial interest or relationship that would cause bias Tribulations of the in this presentation. Affordable Care Act Debbie Albert, PhD, BSN, IBCLC Disclosure (c) Debbie Albert PhD, BSN, IBCLC 2015

119 views • 7 slides

More recommend