Posts by Tom Hart

4 min

I don't always write my own web application fingerprints, but when I do, I use XML

One of the awesome things about Nexpose is its extensibility. Nexpose now allows you to write your own custom web application fingerprints, using a combination of XPath and regular expressions. Coupled with the ability to add your own custom checks [/2013/06/13/custom-vulnerability-checks-using-nexposes-vulnerability-schemas], this allows you to write your own web application vulnerability coverage. This fingerprinting functionality can be used on any web application that provides its version i

1 min

PostgreSQL? We got you covered.

PostgreSQL? PostgreSQL is a popular open source relational database that is used in many websites and products, including the most awesome product in the whole wide world [http://www.rapid7.com/products/nexpose/]. Rapid7's Nexpose coverage team is proud to present full coverage for PostgreSQL in Nexpose 5.5.13. This update adds coverage for 19 PostgreSQL vulnerabilities from between 2009 and 2013. Also, PostgreSQL's logo is an elephant: How awesome is that? Awesome! What do I have to do to

1 min

Latest Coverage: VLC Media Player

What's VLC? VLC is a popular cross-platform media player with a large library of codecs. It can be run as a browser plug-in. For more information, see http://www.videolan.org/vlc/. Why cover VLC? Since VLC can be run as a browser plug-in, it presents a significant attack surface. Through libraries such as PluginDetect, a malicious website can determine if a user is running a vulnerable version of VLC [http://www.pinlady.net/PluginDetect/VLC/]. Furthermore, there are several [http://www.metasp