Why Auditing and Vulnerability Scanning are Different Things

Why Auditing and Vulnerability Scanning are Different Things As the author of Lynis, we hear often the question: It is like Nessus, right? It seems that everything is compared with Nessus, especially when it comes to Linux security. Surprise, it is not. Let’s get things straight, and talk about the benefits of both. Vulnerability Scanning Scanners like Nessus and OpenVAS are great tools. You drop a system in the network and start scanning. The scanner then usually starts with a ping […]

Read more

The Most Influential Linux Security Blogs

The Most Influential Linux Security Blogs Finding quality blogs about Linux security can be challenging. We made an effort to seek the best and most influential blogs on the internet. What makes it influential? It should have quality articles, regularly updated and tailored to Linux or UNIX security. The countless “How to” websites are skipped. Months of searching and reading resulted in a list of blogs, sorted by category. If you are interested in the developments on Linux security, add […]

Read more

Linux History: How Dot Files Became Hidden Files

History of Hidden Files Ever wondered why there are files on your Linux system, starting with a dot? The short answer: they are shortcuts. The story begins many years ago, when the first file systems were created on UNIX. To allow easy navigation, a single file with a dot (.) was added in each directory. Secondly a double dot file (..) was added to easily move up in the directory structure. As these files had no real data in them, […]

Read more

The Difference Between Auditing and Vulnerability Scanning

Technical Auditing and Vulnerability Scanning Why both look the same, yet have subtle differences When talking about auditing, I see that most technical people immediately think about vulnerability scanning. While they definitely have things in common, there are also a lot of minor differences. In this blog post I will show them, and also share how technical auditing and vulnerability scanning can work together. Similarities and Differences Let’s first determine what makes technical auditing and vulnerability scanning look similar. First […]

Read more

Secure Software Development: CII Best Practices

Best Practices from the Core Infrastructure Initiative Last month the Core Infrastructure Initiative, or CII, launched their CII best practices project. Its primary goal is to gamify the process of building more secure software. Let’s have a look at the project, and how it can help. Open Source and Security If we look in the open source world of software, we see that many projects were created by volunteers. While doing this voluntary, this doesn’t say anything about the quality of the […]

Read more
12330