Академический Документы
Профессиональный Документы
Культура Документы
_
Information Security Stack Exchange is Here's how it works:
a question and answer site for
information security professionals. Join
them; it only takes a minute:
Sign up Anybody can ask Anybody can The best answers are voted
a question answer up and rise to the top
Are there any services (free or otherwise) that provide information on new vulnerabilities for a given piece of technology?
For example, say I want to be updated of all new Wordpress vulnerabilities via RSS or email? What would be my best option?
known-vulnerabilities
marked as duplicate by TildalWave, Xander, NULLZ, Ayrx, Iszi Dec 1 '13 at 6:36
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new
question.
3 There is no best option. National vulnerability database offers CVE feeds which can be filtered by IfThisThenThat or Yahoo! Pipes. There
are also mailing lists for most popular pieces of software. – Deer Hunter Jun 14 '13 at 21:21
I use the National vulnerability database as a basis for SecureIT that shows you new vulnerabilities that your server/container/webapp
might have. – João Antunes Nov 28 '17 at 15:13
4 Answers
You could use tweetalarm with the keyword [webapps] - Wordpress , and set it to email
you whenever a tweet containing that keyword is used. Then you would know about verified
exploits for WordPress as soon as they are added to the database.
CVE Details allows you to "generate a custom RSS feed or an embedable vulnerability list
widget or a json API call url", filterable on a large range of fields including product.
1 Looks like you only filter the feed by 1 product at a time, is that right? Would be great to
have a collated feed based on multiple products you were interested in. – Simon East
Sep 7 '17 at 2:05
Yes, I'm not aware of that capability if it has it. – Michael Oct 5 '17 at 17:44
US-CERT provides a free alerting service. They also have feeds from NCAS, which you can sign
up for here: https://www.us-cert.gov/mailing-lists-and-feeds
While they don't offer a specific technology or product feed, you could filter them out yourself.
Secunia has a nice feed and allows one to sort by vendor as well as product. Long ago one
could sign up for email alerts for free, but I don't think that is the case anymore.
https://security.stackexchange.com/questions/37519/are-there-any-customizable-vulnerability-notification-services 2/2