Questions tagged [vulnerability-scanners]
A piece of software and/or hardware designed to detect the presence of vulnerabilities in an IT system.
419 questions
1 vote
1 answer
91 views
How to build a SAST Review Methodology for .NET
Although there are a number of tools (Burp, Metasploit) across multiple training platforms (TryHackMe) with multiple methodologies (Hacktricks, OWASP) for DAST hands-on testing, I've been struggling ...
15 votes
2 answers
5k views
Web application contains a link to a non-existing domain, is this a vulnerability?
I got a Dynamic Application Security Testing (DAST) scan that reports an issue on a web application. It says "The web application contains a link to a non-existing domain" and it's marked ...
1 vote
0 answers
139 views
Web Server Generic Cookie Injection
After running a Nessus scan, one of its plugins checks for cookie injection called "Web Server Generic Cookie Injection" (https://www.tenable.com/plugins/nessus/44135) The scan shows that ...
1 vote
1 answer
214 views
Running zap scan on a web application is not detecting all endpoints
I want to run a ZAP automated scan on a web application. I have the URL, which is example.com/myapp. When I browse the application in Burp Suite, I can see some REST endpoints being called like example....
2 votes
1 answer
126 views
"Scanning" available USB drivers on a port
For network-based attacks, there are many tools that scan a system for open ports and perform fingerprinting to find out what software is running on the system. Does something similar exist for USB ...
3 votes
1 answer
216 views
can vulnerabilities in transitive dependencies be exploitable?
I am running nmap on an HTTP server, and I got the netty version used by the server. Netty version used is 9.4.53.v20231009, I tried to check online for CVEs related to this version, and it seems ...
1 vote
1 answer
169 views
Is there evidence that using SAST / SCA brings positive ROI to software companies?
Using SAST / SCA tools within the delivery pipelines is quite common these days; however, in the software my teams are building, the SAST tools that we're using are very rarely finding even relatively ...
2 votes
2 answers
673 views
Should an HTTP error 500 triggered by an XSS payload be reported as a potential vulnerability?
So, long story short, I was using an automated vulnerability scanner on a website (bounty hunting is allowed and encouraged,) and it works by injecting payloads in forms and URLs etc., to trigger ...
1 vote
0 answers
74 views
How to manage a lot of vulnerability scanners from CICD Pipelines?
My company has a lot of projects and uses various vulnerability scanners (e.g. Trivy, npm audit, SAST,...) in different stages in each of them. The problem is now that although they run well, it's not ...
0 votes
0 answers
140 views
Locating Spambot
My mail server (IP, not domains) was recently flagged as a spam source by Spamhaus and I'm looking for help at tracking down the source. First, I verified the forward and reverse DNS records, SPF ...
1 vote
0 answers
180 views
out-of-band data exfiltration Command Injection [closed]
A few days ago I found a vulnerability in a site of scope using the Burp suite scanner with the command nslookup xxx.burpcolaborator.com exploit with the following feature: Issue: OS command injection ...
1 vote
0 answers
150 views
Blind SQL Injection on a HP printer?
The vulnerability test from Nexpose scanned the HP printers and last scan shows "Blind SQL Injection / Remedation plan: Ensure that the Web application validates and encodes user input before ...
2 votes
2 answers
412 views
Debian's security tracker says a CVE is fixed, while BlackDuck scanner detects it
I stumbled across a vulnerability considered a critical security risk (CVE-2023-25139) in one of container images I build. Debian's security tracker states it's fixed: https://security-tracker.debian....
25 votes
3 answers
8k views
Why is the absence of a Content-Type header with a HTTP 204 response considered a security vulnerability and what should we do about it?
We have recently developed a web application with a RESTful API backend. This web app needs to have a certain security certification (something called PCI-DSS), and thus it is being scanned ...
0 votes
0 answers
115 views
Network vulnerability scanner optimal positioning in network
Scenario: There is a network infrastructure with IT and OT subnets and DMZ. I can only place 2 scanners in the whole infrastructure. Are there any recommendations or best practices for how to plan the ...