Vulnerability Assessment

The Experts below are selected from a list of 20559 Experts worldwide ranked by ideXlab platform

Tzi-cker Chiueh - One of the best experts on this subject based on the ideXlab platform.

  • ACSAC - Automated and safe Vulnerability Assessment
    21st Annual Computer Security Applications Conference (ACSAC'05), 2005
    Co-Authors: Yang Yu, Tzi-cker Chiueh
    Abstract:

    As the number of system vulnerabilities has multiplied in recent years, vulnerability assessment has emerged as a powerful system security administration tool that can identify vulnerabilities in existing systems before they are exploited. Although there are many commercial vulnerability assessment tools in the market, none of them can formally guarantee that the assessment process never compromises the computer systems being tested. This paper proposes a featherweight virtual machine (FVM) technology to address the safety issue associated with vulnerability testing. Compared with other virtual machine technologies, FVM is designed to facilitate sharing between virtual machines but still provides strong protection between them. The FVM technology allows a vulnerability assessment tool to test an exact replica of a production-mode network service, including both hardware and system software components, while guaranteeing that the production-mode network service is fully isolated from the testing process. In addition to safety, the vulnerability assessment support system described in this paper can also automate the entire process of vulnerability testing and thus for the first time makes it feasible to run vulnerability testing autonomously and frequently. Experiments on a Windows-based prototype show that Nessus assessment results against an FVM virtual machine are identical to those against a real machine. Furthermore, modifications to the file system and registry state made by vulnerability assessment runs are completely isolated from the host machine. Finally, the performance impact of vulnerability assessment runs on production network services is as low as 3%.

Susan Snedakar - One of the best experts on this subject based on the ideXlab platform.

  • Vulnerability Assessment: Step One
    The Best Damn IT Security Management Book Period, 2020
    Co-Authors: Susan Snedakar
    Abstract:

    This chapter discusses developing a vulnerability assessment (VA) methodology by outlining the steps to performing a proper vulnerability assessment. A vulnerability assessment is different from a penetration test. VA can be performed with broad knowledge of the environment. The purpose of a vulnerability assessment is to take a broad snapshot of an environment that shows exposures to known vulnerabilities and configuration issues. Performing a vulnerability assessment is only one step in developing a vulnerability management framework, but it is a very important step. VA can be performed either internally or externally. It is not an effective vulnerability assessment if one does not know exactly what is on the network. Nmap is a great tool if the network is small enough that the data can be managed.

  • Vulnerability Assessment 101
    The Best Damn IT Security Management Book Period, 2020
    Co-Authors: Susan Snedakar
    Abstract:

    This chapter focuses on what a vulnerability assessment is, a traditional and alternative method for discovering vulnerabilities, and the importance of seeking out vulnerabilities. It discusses the steps involved in conducting a vulnerability assessment: information gathering/discovery, enumeration, and detection. It also provides an introductory view to vulnerability assessment. Single disciplines such as patch management, configuration management, and security management have evolved to support a function known as vulnerability management. Patch and configuration management technologies have traditionally supported nonsecurity-related initiatives, but nowadays they are primarily leveraged to detect and remediate security liabilities. Traditional methods of vulnerability assessment still provide the most accurate level of vulnerability information, because VA doesn't require administrative rights, it is capable of detecting all hosts residing within our network, and most important, it provides the hacker perspective of devices. In today's environment, a hybrid approach to vulnerability assessment that leverages security, patch, and configuration technologies will provide the greatest gains with optimal efficiency.

  • Vulnerability Assessment tools
    The Best Damn IT Security Management Book Period, 2007
    Co-Authors: Susan Snedakar
    Abstract:

    This chapter explains and demonstrates the different tools available for performing vulnerability assessments. It provides examples from the most common industry-leading tools on the market today. Vulnerability is defined as a software or hardware bug or misconfiguration that a malicious individual can exploit, thereby impacting a system's confidentiality and integrity. It is the assessment tool's job to identify these bugs and misconfigurations. A vulnerability assessment tool probes a system for a specific condition that represents vulnerability. Some tools operate by using an agent, which is a piece of software that must run on every system to be scanned; other tools operate without the use of agents, and some use a combination of the two configurations. The architecture of the scanning engines, agents, and systems will vary from product to product, but it is this architecture that affects overall scanning performance.

B M Mehtre - One of the best experts on this subject based on the ideXlab platform.

  • Vulnerability Assessment & Penetration Testing as a Cyber Defence Technology
    Procedia Computer Science, 2015
    Co-Authors: Jai Narayan Goel, B M Mehtre
    Abstract:

    Complexity of systems is increasing day by day. This leads to more and more vulnerabilities in systems. Attackers use these vulnerabilities to exploit the victim's system. It is better to find out these vulnerabilities in advance before attackers do. The power of vulnerability assessment is usually underestimated. While Vulnerability Assessment and Penetration Testing can be used as a cyber-defence technology to provide proactive cyber defence. In this paper we proved Vulnerability Assessment and Penetration Testing (VAPT) as a cyber defence technology, how we can provide active cyber defence using Vulnerability Assessment and Penetration Testing. We described the complete life cycle of Vulnerability Assessment and Penetration Testing on systems or networks and the proactive action taken to resolve that vulnerability and stop a possible attack. In this paper we have described prevalent vulnerability assessment techniques and some famous premium/open source VAPT tools. We have described the complete process of how to use Vulnerability Assessment and Penetration Testing as a powerful cyber defence technology.

Brian Xu - One of the best experts on this subject based on the ideXlab platform.

  • Vulnerability Assessment for Security in Aviation Cyber-Physical Systems
    2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud), 2017
    Co-Authors: Sathish A.p. Kumar, Brian Xu
    Abstract:

    In this paper, we present a vulnerability assessment framework that could be used to assess and prevent cyber threats related to wired and wireless networks and computer systems. We have performed vulnerability assessment tests for aviation systems including data loaders and in order to meet aviation industry requirements for wireless network security. Our contributions include detecting cyber vulnerabilities in these aviation systems by using vulnerability assessment and penetration testing tools such as Metasploit Pro and BackTrack and improving security and safety of aircraft. Based on our test results of cyber vulnerabilities, the corresponding solutions will be developed to fix these vulnerabilities. New vulnerability assessment tests will be conducted again until our solutions are secure and safe to use. Some results of our vulnerability assessment tests against our software-hardware products are presented.

Wengyi Zhao - One of the best experts on this subject based on the ideXlab platform.

  • Slope location-based landslide Vulnerability Assessment
    2013 21st International Conference on Geoinformatics, 2013
    Co-Authors: Ting Li, Yuan Tian, Chenchao Xiao, Wengyi Zhao
    Abstract:

    Landslide vulnerability assessment is fundamental to landslide risk management tasks. Most existing methodologies of landslide vulnerability assessment are raster-based and do not consider the exact landslide positions and possible impact areas, which inevitably makes the assessment result impracticable to a certain extent. In this paper, a slope location-based landslide vulnerability assessment model is proposed to take the advantages of GIS to address the problem. A case study of Shenzhen is carried out to verify the model. It can be concluded that the model improves the practicability and feasibility of the landslide vulnerability assessment results. This study may provide a reference for relative studies on landslide vulnerability assessment.
