OWASP JSEC CVE DETAILS
Dibyendu Sikdar (@dibsyhex)
OWASP Kolkata Chapter, Sillycon

>>whoami
• Dibyendu Sikdar
• OpenSource Developer & Security Researcher
• Project Leader of OWASP JSEC DETAILS
• Acknowledged and listed in various Halls of Fame - AT&T, Microsoft, Oracle, Adobe, etc.

What is CVE?
• CVE, or the Common Vulnerabilities and Exposures system, provides a reference method for publicly known information security vulnerabilities and exposures.

Example
• CVE-2014-5250
• Details - Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to access data via unspecified vectors.

So what makes this tool cool?
• This desktop application can be used to fetch the latest CVEs directly from the CVE details online service cvedetails.com.
• Search CVEs
• Search Exploits
• Search POCs
• Search Vulnerabilities

Project Timeline
• 13 June 2014 - Released the project as open source
• 17 August 2014 - Requested OWASP project approval
• 20 August 2014 - Project Proposal Accepted
• 21 August 2014 - To be released under OWASP Kolkata Chapter, SillyCon
• 22 September 2014 - V2.0 Released

Future Plans
• Android Version
• Improved UI