Do dedicated libraries exist for identifying weaknesses?
Hello, I'm working on a course assignment about Risk Analysis and searching for a reliable collection of common vulnerabilities. I'm looking for something user-friendly that connects vulnerabilities to particular software and hardware. I'm not sure if such a resource exists, but any helpful suggestion would be appreciated.
Check the published security issues on the MITRE CVE database.
There's also a CWE (Common Weakness Enumeration) database: https://cwe.mitre.org/

CWE, CCE, CPE, CWE, CVSS, XCCDF, OVAL, etc. all fall under SCAP (Security Content Automation Protocol). You should get familiar with it for your study.

If you want a VM with pre-existing vulnerabilities to play with, you can start with the OWASP Broken Web Applications Project: https://www.owasp.org/index.php/OWASP_Br...ns_Project

Some free scanners for vulnerabilities include:

Nessus Home - https://www.tenable.com/products/nessus-home
OpenVAS - http://www.openvas.org/
OpenSCAP - https://www.open-scap.org/
Nexpose - https://www.rapid7.com/products/nexpose/
Retina Community - https://www.beyondtrust.com/products/ret...community/