Automating Vulnerability Detection at Scale with CHOPCHOP

Description

Hundreds of vulnerabilities are disclosed each week, and the number of CVEs has exploded over the last few years. When a new vulnerability comes out, the usual questions from management are: "Are we impacted? If so, how many servers are vulnerable to X?" During this presentation, we will release "ChopChop", an internal tool we built to address the problems of vulnerability detection and regression.

ChopChop aims to provide a fully featured scanner that lets you:
- easily scan your servers
- integrate new plugins (i.e. new vulnerability checks) without pain
- get pragmatic results in terms of security

We created this tool back in 2017 at Michelin, integrating popular checks (e.g. non-interpreted .htpasswd, .git folder accessible in the webroot, wildcard in crossdomain.xml, ...). It is now one of our go-to tools and is also integrated into our CI/CD pipeline in order to tackle security as a whole.
