Rethink Vulnerability Management

Faraday Blog

Create Resistance. Be one step ahead. A security platform to manage everything from one place.

Web Application pentesting: a guide

Offensive SecurityRed teamPentestingVulnerability Management

April 20, 2023

In Security, the concept of attack-surface (or attack surface) refers to the set of entry points that an attacker can use to access a system or application and carry out an attack. In other words, it is the complete map in which a system or application can be violated. They may include software vulnerabilities, insecure configurations, unauthorized access, open ports, application programming interfaces (APIs), among others. The larger the attack surface of a system or application, the greater the risk that an attacker could exploit a vulnerability and compromise the security of the system.

Read More

by faradaysec

Nuclei: Attack Surface with Faraday

Offensive SecurityRed teamPentestingVulnerability Management

April 6, 2023

In Security, the concept of attack-surface (or attack surface) refers to the set of entry points that an attacker can use to access a system or application and carry out an attack. In other words, it is the complete map in which a system or application can be violated. They may include software vulnerabilities, insecure configurations, unauthorized access, open ports, application programming interfaces (APIs), among others. The larger the attack surface of a system or application, the greater the risk that an attacker could exploit a vulnerability and compromise the security of the system.

Read More

by faradaysec

Yara rule and some python scripts for detection and sanitization of Acropalypse (CVE-2023-21036) affected PNG images

Offensive SecurityPentestingVulnerability Management

March 23, 2023

We have just released a YARA to detect vulnerable images of Acropalypse in scale. We also added a sanitization script to remove extra information from PNG files.

Read More

by faradaysec

Automating Security Tasks

Offensive SecurityRed teamPentestingVulnerability Management

March 16, 2023

In this second part (part one), we will show a step by step of a security analysis having in mind a basic methodology:
- Perform a passive recognition of the target
- Go through an active recognition
- Identify vulnerabilities coming from an automatic scanning
- Exploit these vulnerabilities
- Wrap up with an executive report

Read More

by faradaysec

DevSecOps: a thread

Vulnerability ManagementCybersec

March 1, 2023

Let's talk about security into the software development lifecycle. DevSecOPS elp you identify and mitigate security risks early in the development process, reducing the chance of a breach and improving the overall security of their apps.

Read More

by faradaysec

Release v4.3.3

PentestingVulnerability ManagementLatest Release

March 1, 2023

We are excited to announce the release of our latest update, packed with several new features and improvements designed to enhance your vulnerability management experience

Read More

by faradaysec