These remediation guides are a combination of materials we have gathered since 2006 and guides we have written from scratch as new vulnerabilities and exploits get released.
If you feel there is a guide missing that would really benefit you, use the form at the bottom of the page to get in touch and let and us know. We typically get them added within seven days.
The remediation Guides
On many vulnerability scans we see SSH being reported as a medium risk vulnerability due to insecure ciphers and poor configurations. In penetration tests we often find we are able to use SSH once we have a set of user credentials, especially where the service is linked through to a centralised password management solution such as Active Directory.
Apache is probably the most common webserver used and despite there being well documented guides on how to secure apache, we come across web server header issues and very poor SSL configurations on a daily basis. To aid in the remediation, here is Peter Bassill’s recommended configuration for the apache global security file, /etc/apache/conf-enabled/security.conf:
A very common issue seen in vulnerability scan reports and to an extent, on Penetration Tests. The risk posed by clickjacking varies by who you talk to. For example, Hacker1 say it isn’t important at all and can be ignored. We believe that as a vulnerability, it is simple stupid to ignore it. Especially as
Introduction PHP 7, which was released on December 3, 2015, promises substantial speed improvements over previous versions of the language, along with new features like scalar type hinting. This guide explains how to quickly upgrade an Apache or Nginx web server running PHP 5.x (any release) to PHP 7. Warning: As with most major-version language releases,
Nessus Summary Nessus Plugin ID: 42873 CVSS v3.0 Base Score: 5.3 Nessus Description: The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Nessus Summary Nessus Plugin ID: 66848 CVSS v3.0 Base Score: 5.3 Nessus Description: The remote host supports the use of SSL ciphers that offer no encryption at all. Note: This is considerably easier to exploit if the attacker is on the same physical network. How to Fix Null cipher suites is where a zero level
Nessus Summary Nessus ID: 26928 CVSS v3.0 Base Score: 5.3 Nessus Description: The remote host supports the use of SSL ciphers that offer weak encryption.Note: This is considerably easier to exploit if the attacker is on the same physical network. How to Fix This vulnerability is cased by a weak strength cipher being present in
Nessus Summary Nessus ID: 65821 CVSS v3.0 Base Score: 2.6 Nessus Description: The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its
Nessus Summary Nessus ID: 69551 CVSS v3.0 Base Score: 1.4 Nessus Description At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048
Get in touch
Do you have any questions or comments about our remediation guides? Or maybe you feel there are one or more remediation guides missings? Let us know using the form below.