How to integer the Vulnerability / Threat Database within my solution ?
The Vulnerability and Threat Intelligence Database can be integrated in different ways. Here are some methods to do so:
- Embedded as third-party library: Your product/service may access the database using either our python API (see How to use the API ?) or develop your own parser / script. The retrieved information is then rendered through your engine (SaaS or Web Service) to your customers.
- Packaged within your product: The database may be packaged and distributed with your product to your customers.
- Remotely accessed within your SaaS / Cloud environment: The Open Source API has the ability to export the vFeed DB into a MongoDB database. The MongoDB must be installed and configured accordingly to allow remote access. Please refer to MongoDB manual.
How to use the API ?
How can i get notified with new database updates ?
Whenever a new Vulnerability and Threat Database is available, you will get notified through the following channels
Which License is the best for me ?
As of today, vFeed IO has made available 3 Plans.
- Consultancy: This plan is suitable for security companies that provide paid services related to consultancy. The usage of the database information and metadata may range from penetration testing, auditing, compliance, security assessment reports to internal security advisory.
- Integrator: Larger companies may need to choose this plan. It is suitable for SaaS, Cloud and Managed services with the database embedded as a third-party library.
- Community: This plan is suitable for everyone including organisations who are using the database for non-commercial usage. Freelancers, Open Source tools, CERTs, public vulnerability providers may use the database for free with the condition to credit vFeed.
How to buy a license ?
The licenses are bought through a certified digital delivery partner. The plans are displayed on a dedicated pricing page.
Once the secure payment is authorized, the download link is sent to the customer. The community plan users can checkout without submitting the credit card information.
Is it secure to buy from vFeed IO?
To ensure privacy and confidentiality of transactions within our web server, all communications occur via HTTPS. Here is the seal stamped by GoDaddy.
The payment is processed through a certified digital delivery partner. The provider is certified PCI DSS and is using HTTPS SSL for all cart and checkout subdomains, and an Extended Validation (EV-SSL) certificate on its main domain.
Here are the extra measures applied by our provider:
- The provider never stores any payment card information, including card numbers, stripe data, or CVV codes.
- Regular scanning of their public IP addresses that process credit card transactions by an Approved Scanning Vendor (ASV).
- Developed and maintained security policies compliant with the PCI DSS.
- Regular penetration and common exploit testing, such as cross-site scripting and man in the middle attacks.
- Completion and review of the PCI-DSS Self Assessment Questionnaire (SAQ) Type D for Service Providers.