Handling Manual Vulnerabilities

Automatic vulnerability scanners are real life-savers, there's no doubt about this. When you have large numbers of web applications or network assets, a decent vulnerability scanner can quickly find the low-hanging fruit, and, equally important, the process is repeatable.

However, manual security inspection is no less vital. Business-logic flaws and other complex vulnerabilities give automated scanners a hard time, and these findings are frequently of urgent severity.

NormShield supports a number of commercial and non-commercial vulnerability scanners, so importing the XML output of these scanners and keeping a history of those imports is a piece of cake. In addition, NormShield also supports the insertion of manual vulnerabilities. So, assume that for a scan an IT security professional imports an OpenVAS XML output into NormShield as shown below.

By clicking the list of vulnerabilities found by the scanner, he/she can review the results as shown below.

By then clicking the button labelled Add Manual Vulnerability under Operations, he/she can easily add his/her own vulnerabilities with all their details as shown below. If the vulnerability definition is new to NormShield, it can also be created by clicking the new link right under the autocomplete textbox labelled Category.

