Appendix B. Sources of Vulnerability Information
To maintain the security of your environment, it is vital to be aware of the latest threats posed to your network and its components. You should regularly check Internet mailing lists and hacking web sites to access the latest public information about vulnerabilities and exploit scripts. I’ve assembled the following lists of web sites and mailing lists that security consultants and hackers use on a daily basis.
Security Mailing Lists
The following mailing lists contain interesting and useful discussion relating to current security vulnerabilities and issues:
| BugTraq (http://www.securityfocus.com/archive/1) |
| Full Disclosure (http://seclists.org/fulldisclosure/) |
| Pen-Test (http://www.securityfocus.com/archive/101) |
| Web Application Security (http://www.securityfocus.com/archive/107) |
| Honeypots (http://www.securityfocus.com/archive/119) |
| CVE Announce (http://archives.neohapsis.com/archives/cve/) |
| Nessus development (http://list.nessus.org) |
| Nmap-hackers (http://seclists.org/nmap-hackers/) |
| VulnWatch (http://www.vulnwatch.org) |
Vulnerability Databases and Lists
The following vulnerability databases and lists can be searched to enumerate vulnerabilities in specific technologies and products:
| MITRE CVE (http://cve.mitre.org) |
| NIST NVD (http://nvd.nist.gov) |
| ISS X-Force (http://xforce.iss.net) |
| OSVDB (http://www.osvdb.org) |
| BugTraq (http://www.securityfocus.com/bid) |
| CERT vulnerability notes (http://www.kb.cert.org/vuls) |
| FrSIRT (http://www.frsirt.com) |
Underground Web Sites ...
Get Network Security Assessment, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
