INCIDENT DETECTION & RESPONSE
Vulnerability Scanning with Nexpose and Exploitation Testing with Metasploit Pro
In this week’s Feature Friday, Brian O’Neill Sr. Product Strategist, will show you how to scan for the Java Deserialization vulnerability in Nexpose to see where this vulnerability exists on your network, and then test exploitation in Metasploit Pro.
The Java Deserialization vulnerability allows remote attackers to execute unknown and unapproved code in a java application. There are potentially millions of Java applications deployed on the internet that are vulnerable to this attack method. Several very common middle ware applications have already been proven to be exploitable such as jBoss, Oracle WebLogic, Jenkins and WebSphere. Luckily you can use Nexpose to determine if your applications are at risk and Metasploit Pro to validate this risk. You can read our blog post providing more details here.
By validating that this vulnerability is exploitable on your network, you are able to prove to your IT team that remediation needs to happen swiftly and demonstrate the real risk associated with it.
On Demand Nexpose Demo
See Our Vulnerability Management Tool in ActionWatch Now