vulnerability
The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for participating entities.
While remaining compatible with the traditional CVE system, GCVE introduces GCVE Numbering Authorities (GNAs). GNAs are independent entities that can allocate identifiers without relying on a centralised block distribution system or rigid policy enforcement.
The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
The CVE Foundation has been formally established to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program, a critical pillar of the global cybersecurity infrastructure for 25 years.
As per the NIS2 Directive, ENISA is mandated to develop and maintain the European vulnerability database.
Access to reliable and timely information about vulnerabilities affecting Information and Communication Technology (ICT) products and services contributes to an enhanced cybersecurity risk management. Sources of publicly available information about vulnerabilities are an important tool for users of these services, competent authorities, and the broader cybersecurity community. ENISA has established a European Vulnerability Database (EUVD) where entities, regardless of whether they fall within the scope of the NIS2 Directive, and their suppliers of network and information systems, as well as competent authorities, most notably CSIRTs, can voluntarily disclose and register publicly known vulnerabilities to allow users to take appropriate mitigating measures.
Open Source DevSecOps. CI/CD and DevSecOps Automation
The leading application vulnerability management tool. Built for both DevSecOps and traditional application security. DevSecOps, ASPM, Vulnerability Management. All on one platform.
DefectDojo is a DevSecOps, ASPM (application security posture management), and vulnerability management tool. DefectDojo orchestrates end-to-end security testing, vulnerability tracking, deduplication, remediation, and reporting.
Source: Do you know what an OpenVOC is? @ Florian Dudaev's LinkedIn (in French).
Over 100 forks of deliberately vulnerable web applications and APIs.
The World’s First Truly Open Threat Intelligence Community
BinDiff is a comparison tool for binary files that assists vulnerability researchers and engineers in quickly finding differences and similarities in disassembled code.
With BinDiff you can identify and isolate fixes for vulnerabilities in vendor-supplied patches. You can also port symbols and comments between disassemblies of multiple versions of the same binary or use BinDiff to gather evidence for code theft or patent infringement.
Vulnerable REST API with OWASP top 10 vulnerabilities for security testing.
VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs. It was created as I wanted a vulnerable API to evaluate the efficiency of tools used to detect security issues in APIs. It includes a switch on/off to allow the API to be vulnerable or not while testing. This allows better coverage of the cases for false positives/negatives. VAmPI can also be used for learning/teaching purposes. You can find a bit more details about the vulnerabilities in erev0s.com.
Protect your business, scale your security. Open Source Vulnerability Management Platform.
Security has two difficult tasks: designing smart ways of getting new information, and keeping track of findings to improve remediation efforts. With Faraday, you may focus on discovering vulnerabilities while we help you with the rest. Just use it in your terminal and get your work organized on the run. Faraday was made to let you take advantage of the available tools in the community in a truly multiuser way.
Faraday aggregates and normalizes the data you load, allowing you to explore it through different visualizations that are useful to managers and analysts alike.
LFI Scan Tool.
LFI Space is a robust and efficient tool designed to detect Local File Inclusion (LFI) vulnerabilities in web applications. This tool simplifies the process of identifying potential security flaws by leveraging two distinct scanning methods: Google Dork Search and Targeted URL Scan. With its comprehensive approach, LFI Space assists security professionals, penetration testers, and ethical hackers in assessing the security posture of web applications.
A distributed vulnerability database for Open Source. An open, precise, and distributed approach to producing and consuming vulnerability information for open source.
Since 1999, the Vigil@nce team has monitored the public vulnerabilities that affect your IT estate, then proposes security fixes, a database and tools to remediate them. Each member of the SOC chooses the list of software to monitor. As soon as Vigil@nce publishes an alert for one of their software products, that person receives a vigilance bulletin containing a simple explanation of the flaw, its fixes and its countermeasures.