Risk Based Security and DSquare Security Announce Integration

Risk Based Security is pleased to announce a partnership with DSquare Security and the integration of VulnDB and the D2 Elliot Framework.

The D2 Elliot Web Exploitation Framework helps enterprises replicate real-life attacks during web application penetration testing by providing a powerful framework and reliable exploits.  There are currently over 600 enterprise-grade exploits in the D2 Elliot framework. In addition, there are dedicated tools to dynamically and automatically create exploits from web application scanner reports, as well as libraries that can be used to easily develop your own custom exploits.

Organizations that also have a VulnDB subscription can easily see comprehensive vulnerability intelligence directly in the D2 Elliot interface. The latest Elliot release adds a new VulnDB Website Analyzer Workflow. The workflow finds the technologies used on a target website and then displays the most recent vulnerabilities disclosed. Furthermore, D2 Elliot references are included for corresponding vulnerabilities in the VulnDB portal as well as in data returned via the API.

D2 Elliot has been designed to exploit vulnerabilities, but after successful exploitation it is important to understand the cause and upgrade or apply patches to fix the vulnerability. This is where VulnDB – providing the world’s most comprehensive and detailed vulnerability intelligence – also comes into play. Organizations will be able to understand their risk level and properly prioritize remediation. With this new integration, organizations get the best vulnerability intelligence and the sharpest tools to exploit them.

“As organizations continue to struggle with vulnerability management, they are moving towards using vulnerability intelligence. The integration of VulnDB into D2 Elliot provides the best of both worlds: the understanding of all potential vulnerabilities when assessing web applications and the ability to verify exploitation first hand,” said Jake Kouns, CISO for Risk Based Security.

To get started using this integration, you need to use D2 Elliot 1.10, released on November 21, 2017.

If you have any questions or ideas for improvements we would love to hear from you!

About Risk Based Security

Risk Based Security (RBS) provides detailed information and analysis on Data Breaches, Vendor Risk Ratings and Vulnerability Intelligence. Our products, Cyber Risk Analytics (CRA) and VulnDB, provide organizations access to the most comprehensive threat intelligence knowledge bases available, including advanced search capabilities, access to raw data via API, and email alerting to assist organizations in taking the right actions in a timely manner. In addition, our YourCISO offering provides organizations with on-demand access to high-quality security and information risk management resources in one easy-to-use web portal.

VulnDB is the most comprehensive and timely vulnerability intelligence available and provides actionable information about the latest in security vulnerabilities via an easy-to-use SaaS Portal, or a RESTful API for easy integration into GRC tools and ticketing systems. VulnDB allows organizations to search on and be alerted to the latest vulnerabilities, both in end-user software and the third-party libraries or dependencies that help build applications. A subscription to VulnDB provides organizations with simple-to-understand ratings and metrics on their vendors and products, and how each contributes to the organization’s risk profile and cost of ownership.