pen-test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Vulnerability - Tracking and Remediation

from [Kevin Reiter] [Permanent Link][Original]
To: "xelerated" <xelerated@gmail.com>, <pen-test@securityfocus.com>
Subject: RE: Vulnerability - Tracking and Remediation
From: "Kevin Reiter" <KReiter@insidefsi.net>
Date: Wed, 18 Apr 2007 09:52:51 -0400
Delivered-to: sp-com-lists@consult.net
Delivered-to: pentest-list2@consult.net
Delivered-to: mailing list pen-test@securityfocus.com
Delivered-to: moderator for pen-test@securityfocus.com
In-reply-to: <9362a28f0704180446tbc701f0j2f60257a52f95915@mail.gmail.com>
List-help: <mailto:pen-test-help@securityfocus.com>
List-id: <pen-test.list-id.securityfocus.com>
List-post: <mailto:pen-test@securityfocus.com>
List-subscribe: <mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe: <mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list: contact pen-test-help@securityfocus.com; run by ezmlm
Resent-date: Wed, 18 Apr 2007 20:56:20 -0600 (MDT)
Resent-from: pen-test-return-1078483983@securityfocus.com
Resent-message-id: <20070419025620.0AF35237098@outgoing3.securityfocus.com>
Resent-sender: listbounce@securityfocus.com
Sender: listbounce@securityfocus.com
Thread-index: AceBry0og+R+Q28IQaWQ4y0sEueqCAAEUdmw
Thread-topic: Vulnerability - Tracking and Remediation 
Glad to help.

There's a lot of documentation available that tells you how to customize the 
majority of the app (custom fields, etc.), but there's so much of it I haven't 
even attempted it yet ;)

-----Original Message-----
From: xelerated [mailto:xelerated@gmail.com]
Sent: Wednesday, April 18, 2007 7:46 AM
To: Kevin Reiter; pen-test@securityfocus.com
Subject: Re: Vulnerability - Tracking and Remediation


Thanks for the mantis ref, that looks like it just might fit the bill.

Thanks!


On 4/17/07, Kevin Reiter < KReiter@insidefsi.net> wrote:
I've been using Mantis (which is actually a software bug-tracking system) to 
track all the security issues, and it's been working out very well.  URL is 
http://www.mantisbugtracker.com/


On 4/13/07, xelerated <xelerated@gmail.com> wrote:
> I have a question for the pen test community. 
>
> Does anyone have a free (OSS or other) way to take your vuln scan data
> (nessus in this case)
> and do tracking and remediation?
>
> As it sits now, I scan at work atleast 300 machines a month, and my 
> monthly list is growing, and will soon include subnets as well.
>
> I used to take the pipe delimited format and run it through excel and
> work with it from there.
> and that worked fine back when I was only scanning 200 a month max but 
> its become extremely cumbersome.
>
> Also, if there is no such good tool out there, im no coder, but if
> others out there would like to work on such a project id like to do
> that too.
>
> Thanks!


Kevin Reiter
Senior Security Engineer
Financial Services, Inc.
21 Harristown Road
Glen Rock, New Jersey 07452
(201)652-6000, ext. 588
PGP ID: 0xEE665233

This message may contain confidential or proprietary information and is 
intended solely for the individual(s) to whom it is addressed.  If you are not 
a named addressee you should not disseminate, distribute or copy this e-mail or 
act upon the information contained herein.  Please notify the sender 
immediately by e-mail if you have received this e-mail by mistake and delete 
this e-mail from your system. 


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program! 

http://www.cenzic.com/c/2020
------------------------------------------------------------------------
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Reminder: HITBSecConf2007 - Malaysia: Call for Papers closing in 2 weeks, Praburaajan
Next by Date:  SensePost Aura - aka Solving the Google API Key Problem.., Haroon Meer
Previous by Thread:  RE: Vulnerability - Tracking and Remediation, Kevin Reiter
Next by Thread:  Re: SAP Pen-testing - complexity - first ideas, Carl Jongsma
Indexes:  [Date] [Thread] [Top] [All Lists]