Solving Problems with Unique Approaches: A Case Study
In everyday tasks you may be facing problems that need to be solved, some of them might be well known and the solution is straight forward, sometimes it might be a little more complicated and you might need the help of other people's opinion and experience to solve the problem(stackoverflow). But what happens when you can’t find a proper solution?
In my experience, solutions to problems might come from places you didn’t think of in the first place.
Today we will walk through a problem we had in our company and what unique approach I took in order to solve it.
One of many features that we have in our system is alerting our clients of any outdated technologies that they are currently using and might cause a real risk to their organization.
We can take this feature and divide it to 3steps
1) Identify which technologies are being used by the organization (without installing anything on the organization assets).
2) Get the latest version of each found technology.
3) Check if the current version is not the newer version and send an alert to the client if needed.
The 1st and 3rd steps are relatively easy, there are multiple templates/solutions on the internet which are updated constantly and helps to identify technologies of websites and servers. We integrated/implemented those templates and solutions into our scanners and then were able to pull the current technologies and their versions.
The second step is where we faced issues. We thought to ourselves from where can we get a list of latest versions for any technology that ever existed?
The first approach we took was to convert the found technology (Name) into a CPE string and use it to search for the latest CPE entry in the NVD CPEs database. We grew to understand that the database is not complete and there are newer versions which are not included in the database or a lag in updates of new technologies to the database.
The second approach was to look if this problem had already been solved by others. We searched the internet looking for the answer, but we encountered a dead end.
After a few days with no progress, we decided to stick with our first approach and to use the NVD database.
A week later I was reading an article about some company (the name is irrelevant), I didn’t know what products this company have so I searched it in google and the first link of the search result took me to the “holy grail” of information, which is Wikipedia.
After a short reading session, it hit me, I saw the latest version of the company’s product in front of my eyes, I quickly searched for other known products and saw that Wikipedia contains most of the versions that ever exists for each product I looked for.
I thought to myself, why not use Wikipedia as a source? Wikipedia is a valid source of information; it keeps updating daily by a lot of talented people in the global community.
The next day I came into the office and quickly wrote a small script to pull the latest version of given technology. It worked like a charm. After a few tests I implemented this technique in our scanners.
The problem we had has finally come to an end.
To conclude things, I must say that in our world (information and data) we might not get a perfect solution with 100% coverage, but we always try to maximize our success, we always should come back to an already solved problem and try to make it better.
Remember that a great solution might come to you when you are not thinking about it or looking for it. If you have a problem that takes too much time to solve it might be because you overthink it, my advice to you is to take a break, even to come back to it on the next day, most of the time you’ll find out that it was that easy.