security

How to read a Qualys scan report

Reading and analyzing a Qualys scan is an underrated skill. Frankly, I see a lot of misuse and abuse surrounding Qualys scans. So let’s talk about how to read and analyze a Qualys scan for the purpose of understanding and solving problems.

You can read it in the user interface, but I recommend exporting a CSV so you can sort and filter. The exact CSV format has changed a bit over the years, so the columns may not be in this exact order. But this will get you started. The most important columns are all here.


Vulnerability management metrics

I am 75% confident your vulnerability management metrics are too complicated. I’m 75% confident because I’d need to see examples from about twice as many organizations as I’ve seen in order to be 95% confident. But I’ve probably seen 150 more samples than most people. And I have bad news for you. I’m 75% confident your vulnerability management metrics are too simplistic. How can you be both? Measuring the wrong things puts you in situations like that. So let’s talk about NIST’s recommended vulnerability management metrics, and how to more closely align with their recommendations.


How to read a Nessus scan report

Reading and analyzing a Nessus scan is an underrated skill. Frankly, I see a lot of misuse and abuse surrounding Nessus scans. So let’s talk about how to read and analyze a Nessus scan for the purpose of understanding and solving problems.

You can read it in the user interface, but I recommend exporting a CSV so you can sort and filter. The exact CSV format has changed a bit over the years, so the columns may not be in this exact order. But this will get you started. The most important columns are all here. You’ll find it very similar to reading a Qualys scan report.

For reference, I used the sample file here: https://github.com/derekmorr/nessus-csv/blob/master/nessus_test.csv


Qualys duplicate assets

One of the most frequent problems people ask me about when doing a health check on their vulnerability management program is duplicate assets in Qualys. If you simply run the tool with the defaults, it is definitely possible to end up with duplicate assets. But with a few configuration changes, you can mostly eliminate this problem.


Update Windows third-party utilities semi-automatically

I used to have and recommend a tool for updating all your third-party software on Windows machines. Unfortunately, that tool went end of life several years ago. But Microsoft, of all people, has a tool that works suitably. Usage is similar to apt or yum on Linux. It’s called App Installer, and at the command line, it takes the form of the command winget.

App Installer is a free tool that updates what Windows Update won’t. That means open source apps, but also some third-party apps, and even some difficult-to-update Microsoft apps, like the Visual C++ runtime. It is capable of updating more than 3,000 apps.

Resume downloads with wget

I was downloading from a very intermittent webserver and the download kept quitting less than 80% in. And if my timing wasn’t perfect, the web browser wouldn’t resume it. Then I thought to try to resume my downloads with wget.

wget is a command line tool for Linux, other Unix-like operating systems, and Windows. It is good for resuming downloads and automating other tedious tasks.


Is open source software safe to use?

The safety of open source software is a question that comes up from time to time. Let’s talk about why the question keeps coming up, and what’s different about open source software versus closed source software.

The main thing that can get you when it comes to the safety of open source software is anything but obvious. Hint: it isn’t the development model.
