Investigation of Vulnerabilities
New vulnerabilities in network services are disclosed daily to the security community and the underground alike through Internet mailing lists and various public forums. Proof-of-concept tools are often published for use by security consultants, whereas full-blown exploits are increasingly retained by hackers and not publicly disclosed in this fashion.
The following web sites are extremely useful for investigating potential vulnerabilities within network services:
- SecurityFocus (http://www.securityfocus.com)
- milw0rm (http://www.milw0rm.com)
- Packet Storm (http://www.packetstormsecurity.org)
- FrSIRT (http://www.frsirt.com)
- MITRE Corporation CVE (http://cve.mitre.org)
- NIST National Vulnerability Database (http://nvd.nist.gov)
- ISS X-Force (http://xforce.iss.net)
- CERT vulnerability notes (http://www.kb.cert.org/vuls)
'Hacking' 카테고리의 다른 글
Dynamic-Link Library Creation (0) | 2008.11.21 |
---|---|
Comercial Vulnerability Alerts (0) | 2008.11.21 |
1.4. Assessment Service Definitions (0) | 2008.11.21 |
Snort Configuration : Linux (0) | 2008.11.18 |
TOP SQL injection tool lists [15] (0) | 2008.11.12 |