Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Paul Davis

Research Manager - Security Response Team

Paul Davis's picture

Paul joined Tenable in 2008 as a Research Engineer for the Nessus compliance audits team, where he analyzed compliance standards and developed .audit files. He has since served in various roles including Enterprise Content SME, Research Engineer QA, Research QA Manager and Research Support Manager. He is currently helping build up the Security Response Team and has turned it into a world-class team focused on early detection, speed and reliability. Prior to joining Tenable, Paul came from a diverse technical background working in various companies such as Sourcefire, WebMD, Alabanza, and Protel, Inc.

Interests outside of work: In his free time Paul enjoys reading, teaching, jogging, hiking, fly fishing, coordinating running events, learning Vietnamese (slowly!) and traveling with his family.

Blog Post
Tuesday, January 22, 2019

Publicly released and newly named “PrivExchange” proof-of-concept (POC) privilege escalation code exploits protocol flaws and default configurations to give standard Exchange users Domain Administrator access. Background Update February 12 :...

Blog Post
Thursday, November 1, 2018

Cisco advised that the Adaptive Security Appliance (ASA) and Firepower systems are being exploited in the wild with a Session Initiation Protocol (SIP) vulnerability. Limited patches are available. Background Cisco...

Blog Post
Friday, October 26, 2018

A researcher has published a local privilege escalation exploit that fits in a single tweet for xorg-x11-server. Vendors are rolling out fixes and mitigation advice. Background On October 25, a...

Blog Post
Tuesday, August 28, 2018

Updated September 11 : Microsoft released the patch for this vulnerability (CVE-2018-8440) today as part of its monthly security update known as Patch Tuesday. Customers are advised to apply this...

Blog Post
Wednesday, August 15, 2018

A new vulnerability discovered in the Oracle Database JavaVM component can result in complete database compromise and shell access to the underlying server. Background Oracle released an out-of-band update to...

Blog Post
Saturday, July 21, 2018

Cisco’s Policy Suite for Mobile controls billing and access control for customer devices. Root access to this suite is concerning because of the breadth of user device access. The latest...

Blog Post
Wednesday, June 13, 2018

Okta’s Research and Exploitation team released details on June 12 about an issue with third-party code-signing validation using Apple’s APIs. The flaw, which dates back to 2005, makes it possible...

Blog Post
Monday, February 21, 2011

It's 4:55 PM on a Friday and you are looking forward to an enjoyable dinner with your family. Your Blackberry starts buzzing from across your desk while your inbox starts filling up with alerts from your SecurityCenter along with frantic emails from Human Resources. It seems a disgruntled employee named Jack Black quit today and nobody remembered to tell the IT group to disable his accounts until after important files started disappearing. Suddenly, you are stuck in Incident Response mode, gathering data on the user's activities. Do you cancel your reservations? Fortunately, you have deployed Tenable Network Security's Unified Security Monitoring products, and have a wide array of resources[1] at hand to streamline the response process. These resources include SecurityCenter, the Passive Vulnerability Scanner (PVS) and Log Correlation Engine (LCE). At a high level, what can these resources do for you? SecurityCenter SecurityCenter provides a unified view of both vulnerability and event data along with the alerting, ticketing and reporting required for thorough user forensics. Passive Vulnerability Scanner PVS not only tracks vulnerabilities, but logs user and network activities detected in real-time on the wire. These activities include:

Blog Post
Monday, July 26, 2010

Web application testing with automated scanners can be tricky business. While testing various target web servers, I found that some targets seemed to finish in a relatively short period, while others took days - or never seemed to complete at all. This occurred despite the fact that I often used identical test settings and relatively conservative scan settings for the different targets. While troubleshooting this apparent disparity, I came across a useful plugin that helped me see a little of what was going on in the background. The plugin is Nessus Plugin ID 33817 “Web Application Tests : Load Estimation” .

Blog Post
Wednesday, March 31, 2010

Nessus users have a wide range of powerful options whose functionality is critical to a successful vulnerability scan, but whose meaning may not be completely clear. An example of this is the “Thorough tests” option. There is more to this option than meets the eye and knowing how to properly use it will help you customize your scan policies to your specific needs. By default, this option is disabled; however, of the more than 34,000 plugins available with Nessus, over 900 behave differently if this option is enabled. This blog describes what the feature does and provides some examples of where the option should or should not be used. The “Thorough tests” option is located in the scan policy “Preferences” section of the Nessus 4.x web interface. Within this section choose the “Plugin” dropdown and select “Global variable settings”: To use this option, click on the “Thorough tests (slow)” checkbox, which will trigger the “thorough_tests” keyword within the Nessus plugin script files (.nasl). The following sections describe its functionality.

Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.