Jenkins

Last time we explained how easily you can integrate your Faraday instance into the software development process of an application written in Python and deployed on Heroku. In that post, we used GitHub Actions as a CD/CI tool.

Now we are going to perform the same task but instead of using GitHub Actions, we are going to use Jenkins with pipelines since this is one of the most extended CD/CI tools in the community.

Previous considerations

As we’ve covered all the theory and requirements in the previous post, we are going to assume that you already have an application written…

With this release we keep improving the stability and performance of Faraday. In order to provide more flexible integrations and improve performance we have released a new API.

In the latest version of our API (Documentation) added the PATCH method To make partial or full updates of an object. Previously, only the PUT method was supported for full updates.

Faraday-cli 2.0.1 is the latest addition to the set of tools around faraday, the CLI client is allowing users to access faraday information directly from your terminal.

Get the detail of your assets as a quick summary

2020 was an unprecedented and eventful year, different from any other and it was no exception for us. In light of this, we’ve decided to skip a version for our next release (v3.13) -as the number 13 has got a bad reputation-, and we will be releasing v3.14 directly.

We believe that it’s necessary that all pieces work well inside to have a better performance, so we took the time to slow down, analyze in depth what we had been doing and focus on fixing small things to make a big leap in the short term.

Some of our improvements…

If you feel that cybersecurity should be easier, at Faraday we want to transform how thousands of teams work.

Python Developer Ssr/Sr

For this position we are looking for two candidates with knowledge in development and maintenance of the product. Language-specific knowledge, development experience and technical curiosity will be valued.

Requirements

• Relevant experience with Python
• Experience with Linux-based operating systems
• Fluent in English
• Experience with SQL, preferably Postgres
• Experience with SQLAlchemy, Flask, Marshmallow
• Good understanding of Git
• Good knowledge of agile methodologies

BackEnd Tech Lead

A BackEnd Tech Lead is a software developer, responsible for leading a development team, and responsible for the quality of its technical…

There are better ways than managing vulnerabilities with spreadsheets, especially when you are working with several tools. We know it’s easy to lose trail of your efforts. In faraday you can keep track of your scanners and your team in one place,

This update is focused on improving your everyday tasks in managing information. The Jira and ServiceNow integrations now support custom templates, allowing the easy creation of issues in those platforms with only one click.

We keep adding features to our agents, allowing the reuse of them in multiple workspaces, so for example, you can share a scanner with…

We are looking for passionate and creative people to join our amazing team.
If you are commited to the Cyber Security community see our opening positions:

JD — Account Executive (Sales)

Your role:

• Respond to lead generation and marketing efforts.
• Collaborate with Marketing to increase go-to-market results in the assigned territory.
• Understand product strengths and functionality deeply enough so as to qualify and generate new businesses by phone or in person.
• Track sales process and forecasting within CRM system.
• Perform sales activities, including prospecting, qualifying prospects, performing online sales presentations.
• Present key selling points/features and benefits while focusing the message on customer needs and expectations.

…

Integrating systems is an elusive but mandatory job in any software product’s life. Developers have to deal with languages they don’t know, undocumented APIs or new paradigms. This leads to the fact that many product teams decide not to open the possibility to integrate to them.

In Faraday’s case, we are aware that integrations with other security tools are a critical part of our product. However, we’ve realized that our existing Plugin system wasn’t as easy as we expected to develop some integrations: it required some level of interactivity (either running a command from the console or importing a report)…

Introduction

In the previous months, our team has been working over a Metasploit plugin to integrate it with Faraday. The plugin named as faraday_bridge tries to synchronize the information about hosts, service, or vulnerabilities between both tools. It would be available for the public in a short period of time, I guess. 🐌

We found inspiration in the libnotify and accidentally found a bug.

The vulnerability is not enabled by default, only users with the libnotify plugin enabled could be exploited, but we wrote the exploit just for fun.

What is libnotify?

libnotify is a plugin that displays a message through the system bar…