Tuesday, May 13, 2008

Security Vulnerabilities and Exploits

Difficulties Faced by IT Security Professionals

One of the difficulties faced by IT security professionals is keeping up with the latest security vulnerabilities in operating systems, databases, and applications.

If an attacker knows of a vulnerability and you don’t, you may not be able to effectively defend against it. This is especially true of applications which are accessible from the Internet.

Many sources of security news document vulnerabilities only in general terms. This often does not give the security administrator enough information to effectively defend their systems from attack.

As a result, most security professionals keep up-to-date by attempting to monitor the hacking community. The hacking community, however, consists of tens of thousands of different individuals and groups working in a decentralized and unorganized manner.

As such, it is difficult or impossible for any single security professional to keep up with new vulnerabilities discovered by the entire hacking community.

Milw0rm.com is an excellent resource to help with that problem. Milw0rm.com lists vulnerabilities, along with exploits and shellcode. These are organized by platform and by type of access required. I support and am in favour of websites like that because they give out exploit and vulnerability details openly rather than under the table and taking money for it - which makes it unethical.

Milw0rm.com is an excellent addition to resources such as the Open Source Vulnerability Database, the National Vulnerability Database, and Exploit Tree.

