OWASP JSEC CVE DETAILS
Dibyendu Sikdar (@dibsyhex)
OWASP Kolkata Chapter, SillyCon
>>whoami
• Dibyendu Sikdar
• Open Source Developer & Security Researcher
• Project Leader of OWASP JSEC DETAILS
• Acknowledged and listed in various Halls of Fame - AT&T, Microsoft, Oracle, Adobe, etc.
What is CVE?
• CVE, or the Common Vulnerabilities and Exposures system, provides a reference method for publicly known information security vulnerabilities and exposures.
Example
• CVE-2014-5250
• Details - Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to access data via unspecified vectors.
So what makes this tool cool?
• This desktop application can be used to fetch the latest CVEs directly from the CVE details online service cvedetails.com.
• Search CVEs
• Search Exploits
• Search POCs
• Search Vulnerabilities
Screenshot
Project Timeline
• 13 June 2014 - Released the project as open source
• 17 August 2014 - Requested OWASP project approval
• 20 August 2014 - Project Proposal Accepted
• 21 August 2014 - To be released under OWASP Kolkata Chapter, SillyCon
• 22 September 2014 - V2.0 Released
Future Plans
• Android Version
• Improved UI