Automated Vulnerability Assessment and Management
1 like126 views
The document presents an overview of automated vulnerability assessment and management, introduced by Anand Tiwari, a pentester with experience in various areas of cybersecurity. It discusses the open-source tool 'Archery' for managing vulnerabilities, its functionalities, challenges in vulnerability assessment, and offers a roadmap for future developments. Additionally, it invites contributions and provides resource links for documentation and contact information.
Automated Vulnerability Assessment and Management
- 2. whoami! β’ Bug Hunter on Internet β disclosed vulnerability @Google, @Facebook, @Twitter etc. β’ Iβm Anand Tiwari β’ Pentester β WebApp, MobApp & Network β’ Working @ Philips Healthcare on Securing Medical Devices. β’ 5+ Years of Experience in InfoSec. β’ I love Automation for repeated work.
- 3. agenda β’What is Vulnerability Assessment & Management. β’Archery - Open Source VA/VM Tool. β’Challenges in VA/VM. β’How Archery works ? β’Automated Web Application Dynamic Scanning. β’Demo time. β’Roadmap β’How to Contribute ? β’Q/A
- 4. Source - Google Vulnerability Assessment.
- 5. Vulnerability Management. Source - Google
- 7. Challenges in VA/VM β’ Multiple scanners. β’ Manage huge list of vulnerabilities. β’ Analysis and removing false positive. β’ Prioritising vulnerabilities. β’ Tracking vulnerability mitigation. β’ Organizing Periodic scans.
- 8. Archery - Open Source VA/VM Tool. β’ Open Source Vulnerability Assessment and Management Tool. β’ Automate Vulnerability Scanners. β’ Vulnerability data Dashboard. β’ Helping you on Managing & Prioritising Vulnerabilities. β’ Useful for Pentesters & Developers. β’ Easy to integrate in CI/CD environment. β’ Build in Python using Django.
- 9. How Archery works ? Scanners Archery Result Parsing Archery Database ZAP Data Burp Data OpenVAS Data Dashboard
- 10. Web Application Dynamic Authenticated scanning. Input URL Cookies db ZAP Replacer ZAP Scanner Selenium Webdriver
- 11. Demo
- 12. Roadmap β’ More open source and commercial tool plugin support. β’ API Scanning and management. β’ Mobile Vulnerability Management. β’ Vulnerability PoC pictures. β’ Cloud security scanning. β’ Reporting Format.
- 13. How to Contribute ? β’ Test Archery Tool β’ Write scanners plugin or suggest us scanner support. β’ Use / Promote / write about the tool. β’ Report issue & feedback @ https://github.com/ archerysec/archerysec/issues
- 14. Documentation β’ http://www.archerysec.info β’ https://archerysec.github.io/archerysec/ β’ https://archerysec.github.io/archerysecapi/
- 15. Contact β’ Twitter - https://twitter.com/archerysec β’ Facebook - https://www.facebook.com/ ArcherySec/ β’ GitHub - https://github.com/archerysec/