A central point for collection of information that relates to computer security, including, but not limited to, security advisories from the major vendors, major data breaches, “phishing” alerts, and commentary regarding staffing levels, etc.
CISCO Open Source Software
September 27, 2013 at 12:22 pm #180121
Cisco’s Advanced Services has been performing penetration tests for our customers since the acquisition of the Wheel Group in 1998. We call them Security Posture Assessments, or SPA for short, and I’ve been pen testing for just about as long. I’ll let you in on a little secret about penetration testing: it gets messy!
During our typical assessments we may analyze anywhere between 2,000 and 10,000 hosts for vulnerabilities, perform various exploitation methods such as account enumeration and password attempts, buffer/stack overflows, administrative bypasses, and others. We then have to collect and document our results within the one or two weeks we are on site and prepare a report.
How can anyone keep track of all this data, let alone work together as a team? Are you sure you really found the holy grail of customer data and adequately documented it? What if you’re writing the report but you weren’t the one who did the exploit?
The answer is to build a data management application that works for you. The first iterations the SPA team created were a mixture of shell, awk, sed, tcl, perl, expect, python and whatever else engineers felt comfortable programming in. If you remember the Cisco Secure Scanner product (aka NetSonar) then our early tools were this with extra goodies.
We think this isn’t good enough, which is why we are releasing our tool, Kvasir, as open source for you to analyze, integrate, update, or ignore. We like the tool a lot and we think it fills a missing key part of penetration testing. It’s not perfect but it’s grown up a lot and will improve.
September 27, 2013 at 12:24 pm #180123
More information from ZDNET
Cisco has opened up access to Kvasir, which helps penetration testers worldwide assess the security levels of computer systems at a glance.
In a blog post, Kurt Grutzmacher, solutions architect at Cisco’s Security Practice Advanced Services team, said that the tool was initially created for the Cisco Systems Advanced Services Security Posture Assessment (SPA) team to keep track of the tests and data collected by the firm’s penetration testers.
A pen test is a way to test a system’s security standard by simulating a cyberattack.
During typical assessments of network security, pen testers may analyze between 2,000 and 10,000 hosts for vulnerabilities, perform various exploitation methods such as account enumeration and password attempts, and then they have to collect, sift through and document the results.
These tests require the use of various tools, including Nmap Security Scanner, Metasploit Pro, ShodanHQ, ImmunitySec CANVAS and Foofus Medusa. That’s where Kvasir comes in — as a means to homogenize data collected on security threats into a unified database structure, which is especially important in a time where large data sets, new data types and the need for inter-team interaction are present.
“Kvasir, as open source for you to analyze, integrate, update, or ignore. [The tool] allows security testers to accurately view the data and make good decisions on the next attack steps,” Grutzmacher writes.