Comprehensive Benign Exploit Archive Testing Service

Discussion in 'other security issues & news' started by Devinco, Jul 14, 2006.

Thread Status:
Not open for further replies.
  1. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    If this already exists, let me know where to sign up.

    This service would be able to answer these difficult questions:
    I updated Windows for the xyz exploit, and now I installed a program that may have installed xyz-related components that could re-expose the vulnerability. How do I know if it is still securely patched?
    Is alternate media viewer X also vulnerable to media exploit A?
    It would also be able to answer the Magic Bytes Question. :D

    The service would be a complete resource of all known exploits for a particular OS. The exploits would only be available as benign versions for subscribers so people could test if their system was vulnerable without doing harm to the system. The exploits could be tested individually, or a scanner type system could be developed that would test each exploit in sequence and generate a report. It would also provide instructions on where to go and what to do to fix/update/patch the vulnerability. As many of these exploits have online aspects, some online type exploit scanner(s) would be needed also.

    Unlike services like HackerWhacker, this service would be geared towards exploits of the local computer instead of a web server.
    This would be no simple task, but the renewable subscription could be done per computer like antivirus.
    If the service itself could not provide complete coverage of the exploits, it should at least have links to exploit tests it is missing.
    It would need to be trustworthy.

    There are assorted vulnerability scans scattered here and there, but nothing comprehensive.

    It would need a good name that would widen the market for the service and make it easy to understand for the average person.

    Whaddayathink?
     
  2. herbalist

    herbalist Guest

    It's probably not everything you want, but they do have some very extensive testing. https://secure1.securityspace.com/sspace/index.html
    Lots of software and OS specific tests.
    https://secure1.securityspace.com/smysecure/single_index.html
    No-risk audit
    https://secure1.securityspace.com/smysecure/norisk_index.html
    You do have to register for the tests, and they don't spam you.
    I use them about 4 times a year for an audit and single tests as needed. The full audit can take over an hour to complete.
    Rick
     
  3. Devinco

    Devinco Registered Member

    Hi Rick,

    Thank you.
    That's exactly the type of service I was thinking of, a security/vulnerability audit. It's a lot easier to say than Comprehensive Benign Exploit Archive Testing Service :D
    Now, when they run the vulnerability audit, does it just scan if the MS patch was applied or does it actually test if the exploit works?
     