Download to read offline
Uploaded byPROIDEA
CONFidence 2015: Automated Security scanning - Frank Breedijk, Glenn ten Cate
The document discusses the Seccubus project, initiated to streamline vulnerability scanning and analysis in security operations. This project aims to reduce false positives and automate reporting to enhance efficiency and integrate with continuous delivery workflows. The presentation highlights the development of Seccubus over six years, emphasizing its evolution and features that aid security professionals in managing vulnerabilities effectively.
More Related Content
Similar to CONFidence 2015: Automated Security scanning - Frank Breedijk, Glenn ten Cate
CONFidence 2015: Automated Security scanning - Frank Breedijk, Glenn ten Cate
- 1. CONFIDENCE CONFERENCE Analyzing Security Findignsthe Easy Way 6 years later… SECCUBUS This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
- 2. CONFIDENCE CONFERENCE Frank Breedijk • SecurityOfficer at Schuberg Philis • (Official) Security dude since 2000 • Author of Seccubus Coordinates: • fbreedijk@schubergphilis.com • https://www.linkedin.com/in/seccubus • @Seccubus on Twitter Glenn ten Cate • Mission Critical Engineer Security at Schuberg Philis • Security Dude • Author of Security Knowledge Framework Coordinates: • gtencate@schubergphilis • https://nl.linkedin.com/pub/glenn-ten-cate/3b/11a/117 WHO ARE WE?
- 3. CONFIDENCE CONFERENCE Frustration Being challanged To makemy life easier WHY DID I START THE SECCUBUS PROJECT? Y ? A CC NC ND image by Tehmina Goskar https://www.flickr.com/photos/13114254@N00/119475590/
- 4. CONFIDENCE CONFERENCE C. Lueless Mission: • Mission:Perform a bi-weekly vulnerability scan of all our public IP addresses B. Rightlad A STORY ABOUT TWO GUYS These and all non-attributed photos of Frank Breedijk are taken by Jan Jacob Bos
- 5. CONFIDENCE CONFERENCE C. LUELESS –TAKES A CLASSIC APPROACH
- 6. CONFIDENCE CONFERENCE GETTING UP WAYTO EARLY…
- 7. CONFIDENCE CONFERENCE … STARTING THESCANNER IN THE MAINTENANCE WINDOW…
- 8.
- 9.
- 10. CONFIDENCE CONFERENCE Scanners are writtenfor consultants, not operations Scanners need to make a tradeoff between false positives and false negatives Most scanners produce an awfull lot of output Scanning takes time, tools are poorly automated WHAT IS C. LUELESS’ PROBLEM?
- 11.
- 12.
- 13.
- 14.
- 15. CONFIDENCE CONFERENCE … THE SCANRUNS AT NIGHT … Image: Orion's Umbra, a CC NC image from jahdakinebrah's photostream
- 16. CONFIDENCE CONFERENCE … IN THEMORNING …
- 17. CONFIDENCE CONFERENCE … ANALYZE ANDREMEDIATE
- 18. CONFIDENCE CONFERENCE WHAT HAPPENED UNDERTHE HOOD? Do-scan Nessus/sc an Nessus .nessus files nessus2ivilIvil file Load ivil Database
- 19.
- 20. CONFIDENCE CONFERENCE Is the workin balance with the profit? BALANCE A fine balance a CC NC ND Image by Anish B George https://www.flickr.com/photos/22199070@N00/3311106984/
- 21. CONFIDENCE CONFERENCE TWO WEEKS LATER Image:1/365, a CC NC ND image from cubedude27's photostream
- 22. CONFIDENCE CONFERENCE C. LUELESS –TAKES A CLASSIC APPROACH
- 23. CONFIDENCE CONFERENCE GETTING UP WAYTO EARLY…
- 24. CONFIDENCE CONFERENCE … STARTING THESCANNER IN THE MAINTENANCE WINDOW…
- 25.
- 26.
- 27. CONFIDENCE CONFERENCE WAS IT REALLYWORTH IT?
- 28.
- 29.
- 30.
- 31. CONFIDENCE CONFERENCE … THE SCANRUNS AT NIGHT … Image: Half Moon, a CC NC ND image from za3tooor's photostream
- 32. CONFIDENCE CONFERENCE … IN THEMORNING …
- 33. CONFIDENCE CONFERENCE … ANALYZE ANDREMEDIATE
- 34.
- 35. CONFIDENCE CONFERENCE Don’t bother userswith non-actionable findings OK IS OK… Woo a CC NC SA image by Rick Harrison https://www.flickr.com/photos/81851211@N00/2682663297/
- 36. CONFIDENCE CONFERENCE ANOTHER TWO WEEKSPASS… Image: Cosas hechas, a CC ND image from srgblog's photostream
- 37. CONFIDENCE CONFERENCE C. LUELESS –TAKES A CLASSIC APPROACH
- 38. CONFIDENCE CONFERENCE GETTING UP WAYTO EARLY…
- 39. CONFIDENCE CONFERENCE … STARTING THESCANNER IN THE MAINTENANCE WINDOW…
- 40.
- 41.
- 42.
- 43.
- 44.
- 45. CONFIDENCE CONFERENCE … THE SCANRUNS AT NIGHT … Image: Himalayan Moonrise, a CC NC ND image from swamysk's photostream
- 46. CONFIDENCE CONFERENCE … IN THEMORNING …
- 47. CONFIDENCE CONFERENCE … ANALYZE ANDREMEDIATE
- 48.
- 49. CONFIDENCE CONFERENCE Monthly Seccubus runsmeans: Scans are scheduled via crontab Only the findings that need attention get it Less errors due to less repetitave work. The amount of effort is proportional to the amount of changes Risk is proportional to the amount of changes SO…
- 50. CONFIDENCE CONFERENCE COMPARE Image: Apples &Oranges - They Don't Compare, a CC image from thebusybrain's photostream
- 51. CONFIDENCE CONFERENCE REDUCE Image: Slimmer, aCC NC ND image from mkmabus's photostream
- 52.
- 53. CONFIDENCE CONFERENCE ULTIMATE GOAL Image: StuttgargoalRobin,a CC image from dankamminga's photostream
- 54. CONFIDENCE CONFERENCE Name Seccubus chosenhere at Confidence Added new scanners Wrote a new GUI SECCUBUS HAS EVOLVED Medusa SSLyze
- 55. CONFIDENCE CONFERENCE Intermediate Vulnerability Information Language Intermediateformat that allows tools to interface and exchange findings A LITTLE IVIL GOES A LONG WAY Image: EVIL a CC NC SA image from krazydad's photostream
- 56. CONFIDENCE CONFERENCE It does nottry to capture everything It does not try to fit each case The specification is not 63 pages Simple to read Simple to write Simple to use Simple License (MIT) Easy to integrate new tools into Seccubus IVIL
- 57. CONFIDENCE CONFERENCE Joined Schuberg Philis2 years ago Main focus: Web Application Security We need to integrate this into our pipeline ENTER GLENN Enter here a CC NC ND image by Anne Petersen https://www.flickr.com/photos/60258967@N00/4183985730/
- 58. CONFIDENCE CONFERENCE Breaches are movingfrom layer 3 to layer 7 There’s only so many security dudes to drive the tools Integrate into continuous delivery WHY?
- 59. CONFIDENCE CONFERENCE Google’s web applicationsecurity scanner Open Source Noisy Not very subtile Not production safe! FIRST WIN: SKIPFISH Skip w/ fish a CC NC ND image by AlBakker https://www.flickr.com/photos/45213160@N00/206944920/
- 60. CONFIDENCE CONFERENCE Open source Like Burpbut free (as in speech) Actively developed and maintained OWASP Flag Ship Project SECOND WIN: OWASP ZAP IEEE Scrum a CC NC SA image by Jim Carson https://www.flickr.com/photos/44124442504@N01/2208956607/
- 61. CONFIDENCE CONFERENCE Help developers writebetter code Enable Security by Design • Knowledge system for risk analysis Code Securely • Code examples Check code before commit • OWASP Application Security Verification Standard Newly adopted as OWASP Project SECURITY KNOWLEDGE FRAMEWORK Moving Hacks a CC NC SA image by Brian Sawyer https://www.flickr.com/photos/45609637@N00/229360390/
- 62. CONFIDENCE CONFERENCE Coding • Perl • Angular Requirements •What do you want Testers • Challenge the quality of our crack ;) Documentation • Help us get new users Users SECCUBUS CAN USE YOUR HELP Image: Hang On, a CC NC ND image from brraveheart's photostream
- 63. CONFIDENCE CONFERENCE First public previewof new interface SNEAK PREVIEW "Celebs" a cc by nc sa licensed photo by Nick Sherman: http://flickr.com/photos/nicksherman/4145966095/
- 67. CONFIDENCE CONFERENCE New user interface(RSN) Start/schedule scans from the GUI Integration with Security Knowledge Framework Add user/rights management Track issues as well as findings Reporting More??? ROADMAP Albany NY 1950 a CC image by david https://www.flickr.com/photos/23465812@N00/6877290919/
- 68. CONFIDENCE CONFERENCE www.seccubus.com QUESTIONS Image: What now?,a CC ND image from laurenclose's photostream
- 69. CONFIDENCE CONFERENCE Frank Breedijk • SecurityOfficer at Schuberg Philis • (Official) Security dude since 2000 • Author of Seccubus Coordinates: • fbreedijk@schubergphilis.com • https://www.linkedin.com/in/seccubus • @Seccubus on Twitter Glenn ten Cate • Mission Critical Engineer Security at Schuberg Philis • Security Dude • Author of Security Knowledge Framework Coordinates: • gtencate@schubergphilis • https://nl.linkedin.com/pub/glenn-ten-cate/3b/11a/117 WHO ARE WE?