In a recent academic paper “A survey on vulnerability assessment tools and databases for cloud-based web applications” released in ScienceDirect by 4 reseachers and associate Professors at the Computer Science Department, University of Crete and collaborating researcher at the Institute of Computer Science (ICS), Foundation for Research and Technology – Hellas (FORTH).

The Institute of Computer Science (ICS) is one the six institutes of the Foundation for Research and Technology – Hellas (FORTH), a major national research centre partly funded by the General Secretariat for Research and Technology of the Hellenic Ministry of Education and Religious Affairs.

The survey analyses the state-of-the-art open-source tools and databases so as to enable developers to make an informed decision about which ones to select. In this sense, discovering such vulnerabilities will enable to better secure applications before or after migrating them to the cloud.

The analysis conducted is quite rich, covering various aspects and a rich sets of criteria. Third, it explores the claim that vulnerability scanning tools need to be orchestrated to reach the highest possible vulnerability coverage, both in terms of extend and breadth.

Finally, this article concludes with some challenges that current vulnerability tools and databases need to face to increase their added-value and applicability level.

vFeed was identified as the VDB supporting most standards and nominated as the Best Vulnerability Database Provider by its richness of data and correlation.

(download full paper)

This study was based on a deprecated vFeed Community Edition. Needless to say that the current vFeed Professional Release is x1000 more powerful !