VulnDB HQ is a platform that lets your organization manage the information it already knows to make the most of it.
In addition to your private library you also get access to the Public library that contains testing methodologies and entries for some of the most common security issues.
This is a great first step: recognizing the value of managing a central library of issues that can be reused across reports.
However, wikis or static documents are not the best fit for the job. VulnDB HQ is built with the needs of the security specialist in mind: collaboration is built-in, content is structured and always at hand, the Public library is kept up-to-date with the latest developments in the industry, etc.
Finally, if you are a security company and have built an in-house application to manage your library, you can still benefit from switching to VulnDB HQ. Our core business is to provide you with a simple solution that lets you service your customers without interruptions. We implement new features, fix problems and keep the Public library up-to-date so you don't have to allocate time and resources to keep your backend systems up and running.
VulnDB HQ is developed by Security Roots, and this is our vision of the security industry.
Define a methodology that makes it easy for you and your team to go through all the steps without missing anything.
Provide tasks that have to be completed, additional information, and external references.
Found a new tool? A new attack technique? Great, add it to the methodology so everyone can benefit from it.
As the team grows, one of the most common challenges faced by management is to ensure the consistency of the deliverables.
With VulnDB HQ you can rest assured that the same high-quality issue description will be provided to your customers every time.
Having a static issue description that never gets updated is not very useful. In VulnDB HQ you can easily manage and keep up-to-date all your vulnerability descriptions.
Improve your testing methodologies after every project. Make sure everyone is benefiting from everyone else's knowledge.
VulnDB HQ also comes with peace of mind: all changes are tracked and can be reverted.
VulnDB HQ provides a powerful API to ensure it can be used with your existing systems and reporting tools.
If you currently do not use any reporting tool, VulnDB HQ integrates out-of-the-box with Dradis Professional Edition and the Dradis Framework so you can start producing professional reports straight away.
When you sign up for VulnDB HQ, you not only get your own private library, where your team can keep a list of issue descriptions and build your own methodologies, but you also get access to the Public library.
The Public library contains dozens of issue descriptions ready for you to use. We add new issues every month and keep the existing ones up-to-date with the latest developments in the industry.
It also contains some testing methodologies, complete with tasks and external references to dig deeper into each topic.
You can create a private copy of a public entry and adjust it to your needs. You also get notified if the public entry is updated after you forked it.
Full vulnerability descriptions including details that can lead to exploitation are indeed a sensitive business.
However, VulnDB HQ is a platform to store the boilerplate descriptions and recommendations associated with the issues, not the specifics of every instance.
Our proposed workflow would be:
As you can see, the only really sensitive information here is in step 2.b, and this only happens on your laptop.