Common Vulnerabilities and Exposures (CVE) is a list of publicly known cybersecurity vulnerabilities. Each vulnerability is given a unique CVE number by which it can be identified and referenced. The list can be easily accessed for free online, but wouldn’t it be nice to be automatically notified when you are affected by a newly reported vulnerability without having to check the list every day?
WoTT can help you do this by scanning your system packages and checking them against the CVE list.
Required Skill Level: None/Beginner
Time to Complete: 15 - 45 minutes (depending on whether you are already set up with WoTT)
In a few simple steps, you can determine your vulnerability score. Follow the instructions below.
You’ll need to install our lightweight agent if you haven’t done so already. See our getting started page and follow the instructions.
If you’re already set up with WoTT, you’ll need to navigate and log in to the WoTT Dash.
Now click on the ‘Device Name’ to see device details. It should look something like this:
To see your vulnerabilities, navigate to the security tab at the top of the page where a scan of your device will be performed. Here you will see a list of all CVEs that affect your endpoint.
In this particular example, you can see that the scan has detected default login credentials (such as those on a raspberry pi). The results will of course vary depending on your device, but this should give you a better understanding on the common vulnerabilities present on your device that can be easily exploited.
WoTT also provides a more holistic security audit and set of developers tools to capture and correct other common failure points such as firewall policy, OpenSSH audits and the presence of app hardening tools like AppArmor and SELinux.
To understand each check in the security audit visit the WoTT FAQ.