To these must be added some heavily exposed dependencies such as Apache and PHP, which between them account for a long history of published vulnerabilities (more than 1,200 for one and 600 for the other).
Many other sources of information list the exploitable vulnerabilities (CVEs) of a great deal of open-source software in detail:
On the other hand, there are many tutorials on hacking techniques (for example https://medium.com/@0x616163/pivoting-with-devops-tools-abusing-zabbix-877e92bf49c2) and Metasploit-type modules targeting the tools mentioned above (https://www.cvedetails.com/metasploit-modules/vendor-1424/Nagios.html), which together provide an almost turnkey attack from a Kali Linux virtual machine. Whether the weakness lies in the software itself or in its embedded libraries, attackers can quietly study each vulnerability, develop a tailored exploit or intrusion technique, and test it against the exact version in use.
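The defensive counterpart of that attacker workflow is to know exactly which versions of which components are embedded in a product and to match them against the published advisories. The following is an added example (not ServicePilot's code): it takes a component inventory and an NVD-style feed of affected version ranges and reports the matches. The feed, the inventory and the advisory identifiers (EXAMPLE-0001 and so on) are all constructed placeholders, not real CVEs, and the version-range fields follow the naming of NVD's versionStartIncluding / versionEndIncluding / versionEndExcluding.

```python
"""Match an inventory of embedded components against a CVE-style feed.

Added example, not ServicePilot code.  The feed and inventory below are
constructed for illustration: the advisory identifiers are placeholders,
not real CVE numbers, and the version ranges are invented.  The range
fields mirror NVD's versionStartIncluding / versionEndIncluding /
versionEndExcluding.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PRE_RELEASE = ("alpha", "beta", "rc", "dev")


@dataclass(frozen=True)
class Advisory:
    advisory_id: str                    # placeholder identifier (constructed)
    product: str
    start_incl: Optional[str] = None    # first affected version, inclusive
    end_excl: Optional[str] = None      # first fixed version, exclusive
    end_incl: Optional[str] = None      # last affected version, inclusive


def parse_version(v: str):
    """Turn '2.4.49', '7.4.3-p1' or '2.4.51-rc1' into a comparable key.

    Numeric parts compare numerically (so 2.4.10 > 2.4.9 and 2.4 == 2.4.0);
    a pre-release suffix sorts *before* the bare version and a patch/post
    suffix *after* it.  Plain string comparison gets all three wrong, which
    is a classic source of false negatives in version matching.
    """
    nums, tail = [], (1,)               # (1,) marks a plain release
    for piece in re.split(r"[.\-]", v.strip().lower()):
        if piece.isdigit():
            nums.append(int(piece))
        elif piece.startswith(PRE_RELEASE):
            tail = (0, piece)           # 2.4.51-rc1 < 2.4.51
        elif piece:
            tail = (2, piece)           # 7.4.3-p1 > 7.4.3
    while nums and nums[-1] == 0:       # 2.4.0 == 2.4
        nums.pop()
    return (tuple(nums), tail)


def is_affected(version: str, adv: Advisory) -> bool:
    """True when `version` falls inside the advisory's affected range."""
    pv = parse_version(version)
    if adv.start_incl and pv < parse_version(adv.start_incl):
        return False
    if adv.end_excl and pv >= parse_version(adv.end_excl):
        return False
    if adv.end_incl and pv > parse_version(adv.end_incl):
        return False
    return True


def match_inventory(inventory: List[Tuple[str, str]],
                    feed: List[Advisory]) -> Dict[Tuple[str, str], List[str]]:
    """Return {(product, version): [advisory ids]} for affected components."""
    hits: Dict[Tuple[str, str], List[str]] = {}
    for product, version in inventory:
        ids = sorted(a.advisory_id for a in feed
                     if a.product == product and is_affected(version, a))
        if ids:
            hits[(product, version)] = ids
    return hits


# Constructed feed: placeholder ids and made-up ranges, for illustration only.
FEED = [
    Advisory("EXAMPLE-0001", "httpd", start_incl="2.4.0", end_excl="2.4.51"),
    Advisory("EXAMPLE-0002", "php", start_incl="7.4.0", end_excl="7.4.20"),
    Advisory("EXAMPLE-0003", "php", start_incl="8.0.0", end_excl="8.0.7"),
    Advisory("EXAMPLE-0004", "nagios", end_incl="4.4.5"),
]

# Constructed inventory: what a scan of one monitoring host might list.
INVENTORY = [
    ("httpd", "2.4.49"), ("httpd", "2.4.51-rc1"), ("httpd", "2.4.51"),
    ("php", "7.4.3"), ("php", "8.0.7"),
    ("nagios", "4.4.5"), ("nagios", "4.4.6"),
]

if __name__ == "__main__":
    for (product, version), ids in match_inventory(INVENTORY, FEED).items():
        print(f"{product} {version}: {', '.join(ids)}")
```

Note the release candidate in the inventory: 2.4.51-rc1 is still inside the affected range of EXAMPLE-0001 even though it looks newer than the fix version when compared as a string. A real feed would be pulled from NVD or the vendor's advisories and the inventory from an SBOM, but the matching logic is the same.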
At ServicePilot, we also produce highly sensitive software and take the issue of cyber crime very seriously. The source code is kept under control and is not public. The architecture provides a unidirectional, secured data flow between the monitored servers and the monitoring platform over TLS 1.2, so that no ports need to be opened on the target servers.
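To make the outbound-only pattern concrete, here is an added example in Python (illustrative code, not ServicePilot's own agent). The monitored host dials out to the platform, so it runs no listener; the weak client configuration is shown next to the hardened one, and a small audit function rejects any context that allows a protocol below TLS 1.2 or skips certificate verification. The platform hostname, port and CA bundle path are assumptions for the example.

```python
"""Outbound-only agent: TLS client configuration, weak beside hardened.

Added example, not ServicePilot code.  The agent dials *out* to the
platform, so the monitored server opens no inbound port.  The hostname,
port and CA bundle path are illustrative assumptions.
"""
import socket
import ssl
from typing import List, Optional

PLATFORM_HOST = "monitoring.example.internal"   # assumed
PLATFORM_PORT = 8443                            # assumed
PLATFORM_CA = "/etc/agent/platform-ca.pem"      # assumed: the platform's private CA


def weak_context() -> ssl.SSLContext:
    """The configuration to avoid: any protocol version, no certificate check.

    Anything on the path can present any certificate and negotiate an old
    protocol, so the "secure" flow is only as secure as the network.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                  # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def hardened_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """TLS 1.2 floor, server certificate required and matched to the hostname.

    `ca_bundle` should be the platform's private CA so that only the
    platform's certificate is accepted; None falls back to the system
    store, which is used here only so the example runs without that file.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    if ca_bundle:
        ctx.load_verify_locations(cafile=ca_bundle)
    else:
        ctx.load_default_certs()
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the weaknesses a deployment check should reject; empty means OK."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("server certificate not verified")
    if not ctx.check_hostname:
        problems.append("hostname not matched against certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("protocol floor below TLS 1.2")
    return problems


def open_outbound(ctx: ssl.SSLContext, host: str = PLATFORM_HOST,
                  port: int = PLATFORM_PORT, timeout: float = 5.0) -> ssl.SSLSocket:
    """Agent side of the flow: connect out, then push data over the wrapped socket.

    Refuses to dial with a context that fails the audit, so a misconfigured
    agent fails closed instead of sending monitoring data over a weak channel.
    """
    problems = audit_context(ctx)
    if problems:
        raise ValueError("refusing to connect: " + "; ".join(problems))
    raw = socket.create_connection((host, port), timeout=timeout)
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    print("weak:", audit_context(weak_context()))
    print("hardened:", audit_context(hardened_context(
        PLATFORM_CA if __import__("os").path.exists(PLATFORM_CA) else None)))
```

Because the connection is always initiated by the agent, the firewall rule on each monitored server is a single outbound allow to the platform, and nothing on the server accepts connections. Pinning trust to the platform's private CA rather than the system store further limits what a compromised public CA could do to that channel.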
We work with the largest French companies on software quality-mark issues from a security point of view.
We regularly carry out pentests (penetration tests).
We have already worked with some clients on specific security mechanisms, for example with non-IP networks. We carefully choose every component and every detail of the architecture.
Here are 7 good practices that we suggest in addition to the usual recommendations:
The adoption of a "secured by design" and "tamper-proof" quality mark emphasising software security would not only help companies improve the security of their own software, but would also give them an indication of the security of the software architecture they are considering integrating into their information system.