Skip to Main Content
Network Security Assessment, 2nd Edition
book

Network Security Assessment, 2nd Edition

by Chris McNab
November 2007
Intermediate to advanced content levelIntermediate to advanced
504 pages
13h 21m
English
O'Reilly Media, Inc.
Content preview from Network Security Assessment, 2nd Edition

Appendix B. Sources of Vulnerability Information

To maintain the security of your environment, it is vital to be aware of the latest threats posed to your network and its components. You should regularly check Internet mailing lists and hacking web sites to access the latest public information about vulnerabilities and exploit scripts. I’ve assembled the following lists of web sites and mailing lists that security consultants and hackers use on a daily basis.

Security Mailing Lists

The following mailing lists contain interesting and useful discussion relating to current security vulnerabilities and issues:

BugTraq (http://www.securityfocus.com/archive/1)
Full Disclosure (http://seclists.org/fulldisclosure/)
Pen-Test (http://www.securityfocus.com/archive/101)
Web Application Security (http://www.securityfocus.com/archive/107)
Honeypots (http://www.securityfocus.com/archive/119)
CVE Announce (http://archives.neohapsis.com/archives/cve/)
Nessus development (http://list.nessus.org)
Nmap-hackers (http://seclists.org/nmap-hackers/)
VulnWatch (http://www.vulnwatch.org)

Vulnerability Databases and Lists

The following vulnerability databases and lists can be searched to enumerate vulnerabilities in specific technologies and products:

MITRE CVE (http://cve.mitre.org)
NIST NVD (http://nvd.nist.gov)
ISS X-Force (http://xforce.iss.net)
OSVDB (http://www.osvdb.org)
BugTraq (http://www.securityfocus.com/bid)
CERT vulnerability notes (http://www.kb.cert.org/vuls)
FrSIRT (http://www.frsirt.com)

Underground Web Sites ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Network Security Assessment, 3rd Edition

Network Security Assessment, 3rd Edition

Chris McNab
Cyber Security and Network Security

Cyber Security and Network Security

Sabyasachi Pramanik, Debabrata Samanta, M. Vinay, Abhijit Guha
Network Protocols for Security Professionals

Network Protocols for Security Professionals

Yoram Orzach, Deepanshu Khanna

Publisher Resources

ISBN: 9780596510305Supplemental ContentErrata Page