Sunday, April 2, 2017


During this week we are going to review a few credible sources for vulnerabilities you should know about. For me, the starting point for any vulnerability research is generally the Common Vulnerabilities and Exposures (CVE) site.

1.) Common Vulnerabilities and Exposures Website

CVE is sponsored by the US-CERT in the office of Cyber-security and Communications at the U.S. Department of Homeland Security. It contains a searchable database of all published vulnerabilities and makes it easy to check them for an asset or piece of software. The address is

Here is an example of the search result:

2.) Computer Security Resource Center (NIST)

The National Institute of Standards and Technology (NIST) is the first stop for anyone who is in the field of IT Security or Risk Management. Information contained on this site includes numerous publications on a variety of topics, including guidelines and instructions on how to complete different tasks related to those topics. In addition, many templates and frameworks are included which are used in Federal government applications and can be easily transitioned into most private sector organisations. Link to the site is

Here is an example of the same vulnerability, including risk ranking, mitigation techniques and many other valuable details a cyber security professional should know.

There are many other sites that offer information related to vulnerabilities, but for me these two are the primary ones to review when doing risk assessment or threat modeling.
