Full Program
Summary:
Artifacts associated with vulnerabilities, such as patches, exploits, and scanners, provide valuable insights in the context of network security. In particular, the network protocols used by scanners to identify vulnerabilities offer clues about their exploitation mechanisms and associated risks. In this work, we analyze network-related vulnerabilities using data from the NomiSec repository, with a special focus on scanners. For example, we observe that some artifacts indicate that exploitation occurs via HTTP, while others require direct socket interactions. Additionally, we perform clustering and visualization of these artifacts, identifying relationships between different categories. We find that certain artifact groups are associated with the exploitation of network devices, such as firewalls, while others focus on protocol-specific vulnerabilities, such as SSL/TLS. These findings contribute to a better understanding of the vulnerability ecosystem and the improvement of mitigation strategies based on data automatically and periodically collected from GitHub.Author(s):
Leonardo Ambrus de Lima
UFRJ
Brazil
Estevao Rabello Ussler
UFRJ
Brazil
Miguel Angelo Santos Bicudo
UFRJ
Brazil
Daniel Sadoc Menasché
UFRJ
Brazil
Anton Kocheturov
Siemens
United States
Gaurav Srivastava
Siemens
United States