NATIONAL VULNERABILITY DATABASE (NVD) VERSION 2.2
NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). These data enable automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics. NVD contains content (and pointers to tools) for performing configuration checking of systems implementing the Federal Desktop Core Configuration settings (FDCC) using the SCAP.FDCC Checklists are available (to be used with SCAP FDCC capable tools), and SCAP FDCC Capable Tools are available. Other NVD resources include:
- Vulnerability Search Engine: Common Vulnerabilities and Exposures (CVE) software flaws and Common Configuration Enumeration (CCE) misconfigurations
- National Checklist Program: automatable security configuration guidance in the eXtensible Configuration Checklist Description Format (XCCDF) and Open Vulnerability and Assessment Language (OVAL)
- SCAP: program and protocol that NVD supports)
- SCAP Compatible Tools
- SCAP Data Feeds: CVE, CCE, CPE, CVSS, XCCDF, OVAL
- Product Dictionary: Common Platform Enumeration (CPE)
- Impact Metrics: Common Vulnerability Scoring System (CVSS)
- Common Weakness Enumeration: CWE
The OSVDB is an independent and open source database created by and for the community—its goal is to provide accurate, detailed, current, and unbiased technical information. The database covers more than 66,700 vulnerabilities, spanning more than 27,730 products from more than 4,730 researchers, over 45 years. The HackerStorm website http://www.hackerstorm.com was originally created for OSVDB and has additional information, including news and alerts feeds conveniently located in one place to help with vulnerability research. It includes tutorials for penetration testing with various tools.
EDB is an archive of exploits and vulnerable software that serves as a resource for penetration testers, vulnerability researchers, and security addicts alike. The aim of EDB is to collect exploits from submittals and mailing lists and concentrate them in one, easy-to-navigate database. EDB also hosts the Abysssec Security Team’s Month Of Abysssec Undisclosed Bugs (MOAUB)—a collection of 0days, web application vulnerabilities, and detailed binary analysis (and pocs) for recently released advisories by vendors. The 0day collection includes PoCs and Exploits. The MOAUB is updated on a daily basis. Follow both exploit-db and Abysssec twitter feed to keep updated!