Module 05: Vulnerability Analysis
Learn how to identify security loopholes in a target organization’s network, communication infrastructure, and end systems. Hands-On Lab Exercises: Over 5 hands-on exercises with real-life simulated targets to build skills on how to:
> Perform vulnerability research using vulnerability scoring systems and databases.
> Perform vulnerability assessment using various vulnerability assessment tools.
Section 01: Vulnerability Assessment Concepts
Vulnerability
Vulnerability:
Vulnerabilities are flaws in a computer system that weaken the overall security of the device/system. Vulnerabilities can be weaknesses in either the hardware itself, or the software that runs on the hardware.
Examples
1. Protocols such as HTTP, FTP, and Telnet are inherently insecure (they carry credentials and data in cleartext)
2. OS is not patched / not running the latest version
3. Software / hardware using weak or default credentials
4. Misconfigurations in different parts of the stack
Microsoft security response center:
The Microsoft Security Response Center is part of the defender community and on the front line of security response evolution. For over twenty years, we have been engaged with security researchers working to protect customers and the broader ecosystem.
Vulnerability assessment:
A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Examples of systems for which vulnerability assessments are performed include, but are not limited to, information technology systems, energy supply systems, water supply systems, transportation systems, and communication systems.
Common Vulnerabilities and Exposures
Common vulnerabilities and exposures (CVE):
The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures.
Common vulnerability scoring system (CVSS):
The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities.
National vulnerability database (NVD):
The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
Common weakness enumeration (CWE):
The Common Weakness Enumeration (CWE) is a category system for hardware and software weaknesses and vulnerabilities.
Section 02: Vulnerability Assessment Concepts
Vulnerability Classification
Buffer overflow:
In information security and programming, a buffer overflow, or buffer overrun, is an anomaly whereby a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations.
Memory leak:
In computer science, a memory leak is a type of resource leak that occurs when a computer program incorrectly manages memory allocations in a way that memory which is no longer needed is not released. A memory leak may also happen when an object is stored in memory but cannot be accessed by the running code (i.e. unreachable memory). A memory leak has symptoms similar to a number of other problems and generally can only be diagnosed by a programmer with access to the program's source code.
Dynamic link library:
Dynamic-link library (DLL) is Microsoft's implementation of the shared library concept in the Microsoft Windows and OS/2 operating systems.
Race conditions:
A race condition or race hazard is the condition of an electronics, software, or other system where the system's substantive behavior is dependent on the sequence or timing of other uncontrollable events. It becomes a bug when one or more of the possible behaviors is undesirable.
Examples of vulnerability classifications are:
1. Misconfigurations
2. Poor patch management
3. Third-party risks
4. Default passwords
5. Zero-day vulnerabilities
6. Improper certificate / key(s) management
7. Default configurations
8. Buffer overflows
9. Memory leaks
10. DLL (Dynamic link library) injection
11. Race conditions
Section 03: Vulnerability Assessment Tools
Tools
Qualys:
Qualys VMDR 2.0 enables customers to automatically detect vulnerabilities and critical misconfigurations per CIS benchmarks, broken out by asset.
Nessus:
Take advantage of the industry's most trusted vulnerability assessment solution to assess the modern attack surface. Extend beyond your traditional IT assets -- secure cloud infrastructure and gain visibility into your internet-connected attack surface.
Nikto:
Nikto is a pluggable web server and CGI scanner written in Perl, using rfp’s LibWhisker to perform fast security or informational checks.