Download as PDF, PPTX
Uploaded byITEM
Automated Vulnerability Assessment and Management
The document presents an overview of automated vulnerability assessment and management, introduced by Anand Tiwari, a pentester with experience in various areas of cybersecurity. It discusses the open-source tool 'Archery' for managing vulnerabilities, its functionalities, challenges in vulnerability assessment, and offers a roadmap for future developments. Additionally, it invites contributions and provides resource links for documentation and contact information.
More Related Content
Similar to Automated Vulnerability Assessment and Management
![[BDD 2025 - Mobile Development] Mobile Engineer and Software Engineer: Are we...](https://cdn.slidesharecdn.com/ss_thumbnails/md-mobileengineerandsoftwareengineerarewestillrelevantsidiqpermana-251127010650-55224ef1-thumbnail.jpg?width=640&height=640&fit=bounds)
![[BDD 2025 - Artificial Intelligence] AI for the Underdogs: Innovation for Sma...](https://cdn.slidesharecdn.com/ss_thumbnails/ai-aifortheunderdogsinnovationforsmallbusinesses-251124030839-72a599a4-thumbnail.jpg?width=640&height=640&fit=bounds)
![[BDD 2025 - Mobile Development] Crafting Immersive UI with E2E and AGSL Shade...](https://cdn.slidesharecdn.com/ss_thumbnails/md-craftingimmersiveuiwithe2eandagslshaderveronicaputrianggraini-251124030840-0c677f44-thumbnail.jpg?width=640&height=640&fit=bounds)
Automated Vulnerability Assessment and Management
- 1.
- 2. whoami! • Bug Hunteron Internet – disclosed vulnerability @Google, @Facebook, @Twitter etc. • I’m Anand Tiwari • Pentester – WebApp, MobApp & Network • Working @ Philips Healthcare on Securing Medical Devices. • 5+ Years of Experience in InfoSec. • I love Automation for repeated work.
- 3. agenda •What is VulnerabilityAssessment & Management. •Archery - Open Source VA/VM Tool. •Challenges in VA/VM. •How Archery works ? •Automated Web Application Dynamic Scanning. •Demo time. •Roadmap •How to Contribute ? •Q/A
- 4. Source - Google VulnerabilityAssessment.
- 5.
- 7. Challenges in VA/VM •Multiple scanners. • Manage huge list of vulnerabilities. • Analysis and removing false positive. • Prioritising vulnerabilities. • Tracking vulnerability mitigation. • Organizing Periodic scans.
- 8. Archery - OpenSource VA/VM Tool. • Open Source Vulnerability Assessment and Management Tool. • Automate Vulnerability Scanners. • Vulnerability data Dashboard. • Helping you on Managing & Prioritising Vulnerabilities. • Useful for Pentesters & Developers. • Easy to integrate in CI/CD environment. • Build in Python using Django.
- 9. How Archery works? Scanners Archery Result Parsing Archery Database ZAP Data Burp Data OpenVAS Data Dashboard
- 10. Web Application DynamicAuthenticated scanning. Input URL Cookies db ZAP Replacer ZAP Scanner Selenium Webdriver
- 11.
- 12. Roadmap • More opensource and commercial tool plugin support. • API Scanning and management. • Mobile Vulnerability Management. • Vulnerability PoC pictures. • Cloud security scanning. • Reporting Format.
- 13. How to Contribute? • Test Archery Tool • Write scanners plugin or suggest us scanner support. • Use / Promote / write about the tool. • Report issue & feedback @ https://github.com/ archerysec/archerysec/issues
- 14. Documentation • http://www.archerysec.info • https://archerysec.github.io/archerysec/ •https://archerysec.github.io/archerysecapi/
- 15. Contact • Twitter -https://twitter.com/archerysec • Facebook - https://www.facebook.com/ ArcherySec/ • GitHub - https://github.com/archerysec/