Abstract: A solution recommendation (SR) tool can receive vulnerabilities identified by a vulnerability scanner and/or penetration testing tool. The SR tool can determine various approaches for remediating or mitigating the identified vulnerabilities, and can prioritize the various approaches based on the efficiency of the various approaches in remediating or mitigating the identified vulnerabilities. The SR tool can recommend one or more of the prioritized approaches based on constraints such as cost, effectiveness, complexity, and the like. Once the one or more of the prioritized approaches are selected, the SR tool can recommend the one or more prioritized approaches to third-party experts for evaluation.

Abstract: A reconnaissance and assessment (RA) tool can receive base information about the network, such as basic network information and details about an entity and personnel associated with network. The RA tool can utilize the base information to perform reconnaissance procedures on the network to identify the attack surface of the network. The RA tool can perform reconnaissance on the network, itself, and on other external sources, such as third party databases, search engines, and partner networks. Once the attack surface is identified, the RA tool can automatically perform appropriate security assessments on the attack surface. Additionally, if additional information is determined about the network during the security assessments, the RA tool can perform additional reconnaissance and security assessments based on the additional information.

Abstract: A solution recommendation (SR) tool can receive vulnerabilities identified by a vulnerability scanner and/or penetration testing tool. The SR tool can determine various approaches for remediating or mitigating the identified vulnerabilities, and can prioritize the various approaches based on the efficiency of the various approaches in remediating or mitigating the identified vulnerabilities. The SR tool can recommend one or more of the prioritized approaches based on constraints such as cost, effectiveness, complexity, and the like. Once the one or more of the prioritized approaches are selected, the SR tool can recommend the one or more prioritized approaches to third-party experts for evaluation.

Abstract: A solution recommendation (SR) tool can receive vulnerabilities identified by a vulnerability scanner and/or penetration testing tool. The SR tool can determine various approaches for remediating or mitigating the identified vulnerabilities, and can prioritize the various approaches based on the efficiency of the various approaches in remediating or mitigating the identified vulnerabilities. The SR tool can recommend one or more of the prioritized approaches based on constraints such as cost, effectiveness, complexity, and the like. Once the one or more of the prioritized approaches are selected, the SR tool can recommend the one or more prioritized approaches to third-party experts for evaluation.

Abstract: A security tool can identify vulnerabilities in a computing system and determine a risk level of the vulnerabilities based on base and optional CVSS vectors and additional factors that represent the evolving nature of vulnerabilities. Likewise, the security tool can determine an overall risk for vulnerabilities, an asset, and/or a collection of assets that encompasses a global view of an asset's risk and/or collection of assets' risk, business considerations of an entity that own and controls the asset and/or the collection of assets, and the entity's associations.

Abstract: A security assessment tool can determine computer assets in a network and provide an overall security score for the network. The overall security score can represent an objective measure of the security of the network that considers potential security threats to the computer assets, counter measures deployed in the network to address the potential security threats, and the effectiveness of the counter measures. Based on the overall security assessment, the security assessment tool can provide recommendations for improving the security of the network.

Abstract: Systems and methods of determining compliance of content in a website or web application are disclosed. The systems and methods comprise a compliance tool to retrieve data associated with website or web application content. The compliance tool can scan the data to determine references to network locations. The compliance tool can compare the references to one or more approval rules to determine whether the references comply with the approval rules. A report can be compiled and outputted that indicates which references comply and which references do not comply with the approval rules. A user can have the option to add non-complying references to an approved list. The compliance tool can further remove non-complying references from the website or web application data and/or register non-complying references with a firewall.

Abstract: A security tool can identify vulnerabilities in a computing system and determine a risk level of the vulnerabilities based on base and optional CVSS vectors and additional factors that represent the evolving nature of vulnerabilities. Likewise, the security tool can determine an overall risk for vulnerabilities, an asset, and/or a collection of assets that encompasses a global view of an asset's risk and/or collection of assets' risk, business considerations of an entity that own and controls the asset and/or the collection of assets, and the entity's associations.

Abstract: A security tool can identify vulnerabilities in a computing system and determine a risk level of the vulnerabilities based on base and optional CVSS vectors and additional factors that represent the evolving nature of vulnerabilities. Likewise, the security tool can determine an overall risk for vulnerabilities, an asset, and/or a collection of assets that encompasses a global view of an asset's risk and/or collection of assets' risk, business considerations of an entity that own and controls the asset and/or the collection of assets, and the entity's associations.

Abstract: A security assessment tool can determine computer assets in a network and provide an overall security score for the network. The overall security score can represent an objective measure of the security of the network that considers potential security threats to the computer assets, counter measures deployed in the network to address the potential security threats, and the effectiveness of the counter measures. Based on the overall security assessment, the security assessment tool can provide recommendations for improving the security of the network.

Abstract: A security tool can identify vulnerabilities in a computing system and determine a risk level of the vulnerabilities based on base and optional CVSS vectors and additional factors that represent the evolving nature of vulnerabilities. Likewise, the security tool can determine an overall risk for vulnerabilities, an asset, and/or a collection of assets that encompasses a global view of an asset's risk and/or collection of assets' risk, business considerations of an entity that own and controls the asset and/or the collection of assets, and the entity's associations.

Abstract: A solution recommendation (SR) tool can receive vulnerabilities identified by a vulnerability scanner and/or penetration testing tool. The SR tool can determine various approaches for remediating or mitigating the identified vulnerabilities, and can prioritize the various approaches based on the efficiency of the various approaches in remediating or mitigating the identified vulnerabilities. The SR tool can recommend one or more of the prioritized approaches based on constraints such as cost, effectiveness, complexity, and the like. Once the one or more of the prioritized approaches are selected, the SR tool can recommend the one or more prioritized approaches to third-party experts for evaluation.

Abstract: A reconnaissance and assessment (RA) tool can receive base information about the network, such as basic network information and details about an entity and personnel associated with network. The RA tool can utilize the base information to perform reconnaissance procedures on the network to identify the attack surface of the network. The RA tool can perform reconnaissance on the network, itself, and on other external sources, such as third party databases, search engines, and partner networks. Once the attack surface is identified, the RA tool can automatically perform appropriate security assessments on the attack surface. Additionally, if additional information is determined about the network during the security assessments, the RA tool can perform additional reconnaissance and security assessments based on the additional information.

Abstract: Systems and methods of determining compliance of content in a website or web application are disclosed. The systems and methods comprise a compliance tool to retrieve data associated with website or web application content. The compliance tool can scan the data to determine references to network locations. The compliance tool can compare the references to one or more approval rules to determine whether the references comply with the approval rules. A report can be compiled and outputted that indicates which references comply and which references do not comply with the approval rules. A user can have the option to add non-complying references to an approved list. The compliance tool can further remove non-complying references from the website or web application data and/or register non-complying references with a firewall.

Abstract: A security tool can identify vulnerabilities in a computing system and determine a risk level of the vulnerabilities. The security tool can determine the risk level based on exploits associated with the vulnerabilities. The security tool can determine the risk level based on factors associated with the exploits such as whether an exploit exists, a rank of the exploit, a number of exploits that exist for the vulnerability, a difficulty to identify whether the exploit exists, and an effect of the exploit on the vulnerability. The security tool can a report identifying the vulnerabilities of the computing system, the exploits associated with the vulnerabilities, and the risk level of the vulnerabilities. The report can also include links to information about the exploits.