Vulnerability Management Questions
Evgeny Belenky
IT Central Station
Nov 29 2021

Hi security professionals,

As the majority of you have probably heard, GoDaddy was hacked again a few days ago.

Based on what is already known, what has been done wrong and what can be done better? 

Share your thoughts!

Evgeny Belenky
IT Central Station
Nov 22 2021

Hello dear members,

What are the MITRE ATT&CK framework use cases? How can it be integrated/used in an enterprise security strategy?

Jairo Willian Pereira: You can simulate different types of access/attacks using the matrix suggested by…
Evgeny Belenky
IT Central Station
Nov 22 2021

Hi peers,

What should one include (essential items) into a Service Level Agreement (SLA) when purchasing cloud penetration testing services? 

Jairo Willian Pereira: Usually, CSPs provide a list of what is/isn't presented in their SLA and…
Ram-Chenna
User at FD
Oct 08 2021

Hi peers,

We have developed an eCommerce system using the Microsoft Technology Stack. 

Now, we would like to perform Vulnerability Assessment and Penetration Testing (VAPT) of this system using a comprehensive tool. 

Can anyone recommend a tool (preferably an open-source one) to perform VAPT on the eCommerce application before releasing it to the client on production?

Thanks for your help!

Jairo Willian Pereira: You can start with OpenVAS (an excellent tool during "first steps")…
Elsayed Ahmed
CIO at AIMS
Nov 24 2021

Hi cybersecurity professionals,

I'm looking for your recommendations about penetration testing tools for SMB/SME. 

What would be your choice? Please share a technical description of why you would choose this tool over others.

Thanks in advance.

User at DDD
Jul 16 2021

Hi, I'm doing integration between Tenable and ServiceNow and I'm looking for an API for Tenable Connector into ServiceNow.

Does anyone have good recommendations? 

Thank you!

Evgeny Belenky
IT Central Station
Jul 28 2021

Hi peers,

Which automated tools for penetration testing would you recommend to your colleagues working for enterprises? 

Please share 1-3 reasons why you like those tools.

VishalDhamke: There are many automated DAST & SAST tools but from my perspective, there is no…
John Rendy: Hi Evgeny, There is one automated penetration testing tool that performs way…
Jairo Willian Pereira
Information Security Manager at a financial services firm with 5,001-10,000 employees
Nov 06 2021

Does anyone have recommendations about methodologies (e.g. use of FAIR framework), plug-ins (ETL schemas, FOSS add-ons) or commercial/free solutions (like Kenna) that can help us during "integration, transformation and consolidation" of vulnerability into risks (from Tenable.IO to Archer)?

James Dirksen: Yes, take a look at DeepSurface. It's designed to automate the process.
Stewart Gwyn: Clear use with the NIST compliance framework, Archer IRM 6.9.sp3.p2, use of…
Rony_Sklar
IT Central Station
Jun 15 2021

Is continuous vulnerability scanning essential? 

Are there other approaches to vulnerability management that do not involve continuous scanning?

George Fyffe: As data increasingly moves from on-prem to Public Cloud, we need a complete…
Gilbert-Kabugi: I believe vulnerability scanning is usually a scheduled activity where you can…
Jairo Willian Pereira: Yes, essential*. You can start your program, for example, based on "Internet…
Rony_Sklar
IT Central Station
Aug 21 2021

In the past vulnerability assessment has been the primary approach used to detect cyber threats. 

Risk-based vulnerability management has become increasingly popular. 

How does each of these approaches work, and which do you think is more effective?

DavidGillies: As soon as a vulnerability assessment is complete, it is obsolete. Your…
Nikos Christakis: Vulnerability Assessment is a useful process but it's still a snap-shot of your…
Paresh Makwana: You are right that earlier vulnerability assessment was very basic and done as…
Ariel Lindenfeld
Sr. Director of Community
IT Central Station

Let the community know what you think. Share your opinions now!

Fin Nish: - Great dashboard - Reporting - Supports multiple formats (PDF, CSV, XML) -…
Micheal Iroko-Msc, CISA, CISM, CRISC, COBIT, CEH: Ensure compatibility of the vulnerability software to the organization's needs.