Purpose:

This site is meant to be used as a tool for users of open source and sometimes commercial software who must keep constant track of new security bugs as soon as they appear in the wild. In its current state it constantly scans a number of security focused mailing lists for posts matching your criteria.

Audience:

System Administrators who manage web based software are the primary audience for this tool, although it may be useful for anyone who wishes to keep track of 0-day advisories in their own hosted applications.

Other Thoughts:

This tool was primarily written to track 0-day advisories on the BugTraq mailing list for php based web applications that I administer. However as it simply scans any number of different mailing lists based on very flexible criteria there are many other possible uses. At the moment however I would like to keep it security oriented.

My idea was that since many of these exploits consist of XSS, file include or SQL Injection which are generally fairly simple to fix by even a beginning programmer, but may not be fixed by the official provider for some time, it would be useful to have a way to scan bugtraq and other mailing lists and be alerted as soon as these exploits are discovered.

Even given the informal nature of these postings this is quite accurate as the vast majority of posters will put the application/project/component name in the subject of the message.

Alert Methods

RSS:

Your own RSS feed at advisoryscan.net/feeds/users/yourname that may be used with Google Reader, My Yahoo, Bloglines, etc. Updated hourly.

E-Mail

Receive a daily digest of all messages that match your criteria

Current Mailing Lists

bugtraq:

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Full Disclosure:

An unmoderated high-traffic forum for disclosure of security information

Infosec News:

InfoSec News is a privately run, medium traffic list that caters to the distribution of information security news articles.

NTBugtraq:

NTBugtraq is a mailing list for the discussion of security exploits and security bugs in Windows and related software.

php security:

[phpsec] is a mailing list dedicated to the security of PHP and its related applications.

Secunia Security Advisories List:

The Secunia Security Advisories list is a high volume list which covers all the latest security vulnerabilities and security updates.

VulnWatch:

A non-discussion, non-patch, all-vulnerability annoucement list supported and run by a community of volunteer moderators distributed around the world.

Web App Security (securityfocus):

Provides insights on the unique challenges which make web applications notoriously hard to secure.

Web Security (webappsec.org):

The Web Security Mailing List is an open information forum for discussing topics relevant to web security.

(c) 2007 Jon Austin All Rights Reserved