RE: Vulnerability - Tracking and Remediation

I've been using Mantis (which is actually a software bug-tracking system) to track all the security issues, and it's been working out very well. URL is http://www.mantisbugtracker.com/


On 4/13/07, xelerated <xelerated@xxxxxxxxx> wrote:
I have a question for the pen test community.

Does anyone have a free (OSS or other) way to take your vuln scan data
(nessus in this case)
and do tracking and remediation?

As it sits now, I scan at work atleast 300 machines a month, and my
monthly list is growing, and will soon include subnets as well.

I used to take the pipe delimited format and run it through excel and
work with it from there.
and that worked fine back when I was only scanning 200 a month max but
its become extremely cumbersome.

Also, if there is no such good tool out there, im no coder, but if
others out there would like to work on such a project id like to do
that too.

Thanks!


Kevin Reiter
Senior Security Engineer
Financial Services, Inc.
21 Harristown Road
Glen Rock, New Jersey 07452
(201)652-6000, ext. 588
PGP ID: 0xEE665233

This message may contain confidential or proprietary information and is intended solely for the individual(s) to whom it is addressed. If you are not a named addressee you should not disseminate, distribute or copy this e-mail or act upon the information contained herein. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

Relevant Pages

  • [UNIX] SQL Poisoning Vulnerability in Mantis
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A security vulnerability in Mantis ... SQL statements allowing them to compromise the database's integrity. ... Most of these vulnerabilities are only exploitable in a limited ...
    (Securiteam)
  • [UNIX] Arbitrary Code Execution Vulnerability in Mantis
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Mantis is an Open Source web-based bug ... tracking system, written in PHP, which uses the MySQL database server. ... A security vulnerability in the ...
    (Securiteam)
  • Re: the exploit that wasnt
    ... The other Mac Book Pro? ... brought Microsoft into a security discussion about Mac OS X. ... The number of security patches, ... if you were to scan random machines on the internet for a week, how many Unix machines do you believe you would hit? ...
    (comp.sys.mac.advocacy)
  • Re: Cryptogram Comment
    ... Or had to go through setting up basic security for their ... > bother me with Windows questions. ... > machines are broken. ... and Linux and other open OS's make all patches FREE to redistribute. ...
    (sci.crypt)
  • Re: Temporary Ban On Links In Posts To SRI
    ... understand that there is a risk when clicking ... low)" in the general case does not apply to SRI. ... implement the security measures recommended. ... update" even with machines that are restricted to only applications ...
    (soc.religion.islam)