SIGINT10 - final10

SIGINT 2010
Konferenz für Netzbewohner, Hacker und Aktivisten

Referenten
Frank Breedijk
Programm
Tag Day 2 - 2010-05-23
Raum Workshop (MP7)
Beginn 12:00
Dauer 01:45
Info
ID 3815
Veranstaltungstyp Workshop
Track Hacker
Sprache der Veranstaltung englisch
Feedback

Seccubus workshop

Analyzing vulnerability assessment data the easy way…

As part of his job as Security Engineer at Schuberg Philis, Frank Breedijk performs regular security scans. The repetitive nature of scanning the same customer infrastructure over and over again made him decide to look for a more automated approach. After building his first scanning scheduler he realized that it actually does not make sense to look at all findings every time they are reported. It would be much better to only investigate the deltas between the scans. The philosophy behind AutoNessus was born.

In his workshop Frank will demonstrate Seccubus by making the attendees perform scans of a live demo environment and explain the inner workings of Seccubus and the philosophy behind it.

What is Seccubus?

Seccubus automates regular vulnerability scans and provides delta reporting. It effectively reduces the analysis time for subsequent scans of the same infrastructure by only reporting delta findings.

Why?

Anyone who has ever used Nessus or OpenVAS will be familiar with one of its biggest drawbacks. Nessus and OpenVAS are very valuable tools, but unfortunately also very noisy. The time needed to report on a single scan will often be two or three times the time needed to do the actual scan. Seccubus was created in order to more effectively analyze the results of regular scans of the same infrastructure.

How does it work?

Seccubus runs vulnerability scans at regular intervals and compares the findings of the last scan with the findings of the previous scan. The delta of this scan is presented in a web GUI where findings can be easily marked as either real findings or non-issues. Non-issues get ignored until they change. This causes a dramatic reduction of the analysis time.

What will be in the talk?

The talk will be combined presentation and demonstration of the AutoNessus tool. While scanning a live demo environment Frank will discuss the following topics:

* The philosophy behind Seccubus
* The inner workings
* Seccubus in action
* Seccubus in real live

Knowledge gained

Everything about Seccubus and its philosophy.

Why attend?

This talk will give you real world knowledge. You will learn how to do more vulnerability scanning in less time and get more accurate results.

If scanning is part of you job, you should attend this talk. If scanning the same infrastructure more then once is part of your job, this is a must see talk!