Seccubus - A tool to take the pain out of repeated vulnerability scanning presented at BSidesLondon 2010

by Frank Breedijk

Summary: Short or longer talk about Seccubus
As part of his job as Security Engineer at Schuberg Philis, Frank Breedijk performs regular security scans. The repetitive nature of scanning the same customer infrastructure over and over again made him decide to look for a more automated approach. After building his first scanning scheduler he realized that it actually does not make sense to look at all findings every time they are reported. It would be much better to only investigate the deltas between the scans. The philosophy behind Seccubus was born. In his workshop Frank will demonstrate Seccubus by making the attendees perform scans of a live demo environment and explain the inner workings of Seccubus and the philosophy behind it.
What is Seccubus?
Seccubus automates regular vulnerability scans and provides delta reporting. It effectively reduces the analysis time for subsequent scans of the same infrastructure by only reporting delta findings.
Anyone who has ever used a scanning tool like Nessus or OpenVAS will be familiar with one of its biggest drawbacks. Nessus and OpenVAS are very valuable tools, but unfortunately also very noisy. The time needed to report on a single scan will often be two or three times the time needed to do the actual scan. Seccubus was created in order to more effectively analyze the results of regular scans of the same infrastructure.
How does it work?
Seccubus runs vulnerability scans at regular intervals and compares the findings of the last scan with the findings of the previous scan. The delta of this scan is presented in a web GUI where findings can be easily marked as either real findings or non-issues. Non-issues get ignored until they change. This causes a dramatic reduction of the analysis time.
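The comparison described above, written out as an added Python illustration; this is not Seccubus's own code (which is not shown on this page), and the hosts, check names, finding texts and status names are constructed for the example.

```python
from typing import NamedTuple


class FindingKey(NamedTuple):
    host: str
    port: int
    plugin: str      # scanner check identifier (constructed names below)


def delta(previous, current, verdicts):
    """Delta between two scans of the same infrastructure.

    previous, current: {FindingKey: finding text as the scanner reported it}
    verdicts: {FindingKey: "NO_ISSUE" | "REAL"} set by the analyst on earlier runs
    Returns {"NEW": [...], "CHANGED": [...], "GONE": [...], "OPEN": [...],
             "NO_ISSUE": [...]}; only the first three need fresh analysis.
    """
    out = {s: [] for s in ("NEW", "CHANGED", "GONE", "OPEN", "NO_ISSUE")}
    for key, text in current.items():
        if key not in previous:
            out["NEW"].append(key)            # never seen before: must be reviewed
        elif previous[key] != text:
            out["CHANGED"].append(key)        # evidence changed: review again, even
                                              # if it was ruled a non-issue earlier
        elif verdicts.get(key) == "NO_ISSUE":
            out["NO_ISSUE"].append(key)       # unchanged non-issue: stays hidden
        else:
            out["OPEN"].append(key)           # unchanged real or unreviewed finding
    for key in previous:
        if key not in current:
            out["GONE"].append(key)           # fixed, or the host dropped out of scope
    return {s: sorted(v) for s, v in out.items()}


def needs_review(report):
    """Findings the analyst must actually look at after this scan."""
    return report["NEW"] + report["CHANGED"] + report["GONE"]


# Constructed sample data: last week's scan, this week's scan, earlier verdicts.
SSH, CERT = FindingKey("10.0.0.5", 22, "ssh-banner"), FindingKey("10.0.0.5", 443, "cert-expiry")
HTTP, FTP = FindingKey("10.0.0.9", 80, "http-server-header"), FindingKey("10.0.0.9", 21, "ftp-anon")
MYSQL = FindingKey("10.0.0.9", 3306, "mysql-reachable")
PREVIOUS = {SSH: "OpenSSH 5.3", CERT: "expires 2011-01-01", HTTP: "Apache/2.2.14", FTP: "anonymous login"}
CURRENT = {SSH: "OpenSSH 5.3", CERT: "expires 2010-12-01", HTTP: "Apache/2.2.14", MYSQL: "port open"}
VERDICTS = {SSH: "NO_ISSUE", CERT: "NO_ISSUE", HTTP: "REAL"}

if __name__ == "__main__":
    for status, keys in delta(PREVIOUS, CURRENT, VERDICTS).items():
        print(status, keys)
```

Of the four findings in the current scan plus one that disappeared, only three reach the analyst: the new MySQL port, the changed certificate finding (despite its earlier non-issue verdict) and the vanished FTP finding.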
What is in the talk?
The presentation will tell the tale of two engineers who have been tasked with scanning the same infrastructure each week. One uses a regular approach, the other uses Seccubus. As we follow them we will find out what Seccubus is about and how it helps the smarter of the two in his job.