Vulnerability Management using Open Source Tools v1.0

Vulnerability Management using Open Source Tools

Vikram MehtaSr. Manager – Information Security

MakeMyTrip

Agenda

1. Operational Challenges

2. General Vulnerability Management Architecture

3. Automation Possibilities

4. Insight

5. Info sources

Agenda

4. Insight

5. Info sources

Operational Challenges

1. Multiple scanning sources

2. Consolidating vulnerability information

3. Alerting / notification

4. Lack of consolidated dashboards

5. Tracking to closure

Agenda

4. Insight

5. Info sources

General Architecture

Scanner 1

Scanner 2

Scanner 3

Manual Results

Consolidation Alerting / Analysis

Tracking

Nessus

AlienVault

Manual Results

Tracking

Nessus

AlienVault

Manual Results

Tracking

Automation Possibilities

Nessus

AlienVault

Manual Results

Tracking

Import JobsDB Connectors

Integration Connectors

mySQL ELSA

BugZillaOTRS

Activiti

Agenda

4. Insight

5. Info sources

Insight - Consolidation

Simple DB Connector (ELSA)

Nessus Report Parser (ELSA)

AlienVault

Insight - Consolidation

Third Party

Manual Results

Import Jobs / Custom Code

Database

Insight – Alerting / Analysis

ELSA - Dashboards

Insight – Tracking

BugZilla

IntegrationDatabase ActivitiAPI

Insight – Tracking

BugZilla

IntegrationDatabase ActivitiAPI

Simple issue tracking

Work-flow, SLA andescalation management

Questions?

Info Sources

1. ELSA - https://code.google.com/p/enterprise-log-search-and-archive/

2. BugZilla - http://www.bugzilla.org/

3. Activiti - http://activiti.org/

4. OTRS - http://www.otrs.com/

and a lot of good work already done in this area

Vulnerability Management using Open Source Tools v1.0

Technology

Mapping from Tools Automating Vulnerability

Climate Change Impact and Vulnerability Assessment for ......Climate Change Impact and Vulnerability Assessment for Biodiversity (Methodology, Tools and Indicators) Hristovski Slavčo,

Vulnerability to Climate Change - University of …geog.ucsb.edu/.../2014/08/Vulnerability-to-Climate-Change-Geography...Climate Change Vulnerability Assessment and Adaptation Tools

Fuzzy Logic Tools Reference Manual v1.0

Designing vulnerability testing tools for web services ... › ~mvieira › 2016_IJIS_Tools.pdfDesigning vulnerability testing tools for web services: approach, components, and tools

SOCIAL VULNERABILITY ASSESSMENT TOOLS FOR CLIMATE … · social vulnerability assessment tools for climate change and drr programming 9 In the past twenty years, disasters cost more

Vulnerability Factors in New Web Applications: Audit Tools

Empirical Study of Vulnerability Scanning Tools for JavaScript

Presentation 1 open source tools in continuous integration environment v1.0

Vulnerability Assessment Course Vulnerability Assessment Tools

LMS Tools Guide 20130809 (eng) v1.0

From Vulnerability to Resilience …And the Tools to …...From Vulnerability to Resilience …And the Tools to Get There Out of Harm’s Way Partnership for the Delaware Estuary August

Vulnerability Management Tools Buyer’s Guidecdn.ttgtmedia.com/searchSecurity/downloads/... · The business case for vulnerability management tools E-guide detailed results, although

“Vulnerability Mapping for Disaster Assessment using .../media/esri-india/files/pdfs/events/uc2015/... · “Vulnerability Mapping for Disaster Assessment using ArcGIS Tools and

Application and Learning from Household Vulnerability and Food Security Tools

Vulnerability Assessment Tools - IFT.org

Tools For Climate Change Vulnerability Assessments For ... · TOOLS FOR CLIMATE CHANGE VULNERABILITY ... and adaptive capacity of watersheds to climate change. ... classification

Tools for assessments of vulnerability and adaptation ... · Module II. Concepts, frameworks, methodologies and tools for vulnerability and adaptation assessments Tools for assessments

Vulnerability Management Tools Challenges Practices 1267

SAVE Updated Tools for the Seismic Vulnerability