Vulnerability Scanning
A vulnerability is a flaw that could lead to the compromise of the confidentiality, integrity or availability of an information system. Vulnerability identification is the process of discovering vulnerabilities in the target environment and documenting them in an inventory.
Vulnerability scanning uses an application to scan for security weaknesses in computers, networks, and other communications equipment in a system.
Vulnerability scanning helps companies identify possible ways an attacker could exploit vulnerabilities that might cause outages, allow unauthorized network access, or acquisition of privileged information. Outdated software products, unpatched operating systems, and misconfigured hardware often lead to vulnerabilities.
Scans use many different techniques to get applications to respond or read instructions in unexpected ways. Attackers can use these flaws to execute malicious code, steal information from memory, and install backdoor software to launch new attacks.
Benefits of Running a Vulnerability Scan
Both small and large organizations can benefit from running periodic vulnerability scans to ensure their IT infrastructure isn’t susceptible to attack. For attackers, it's now easier than ever to leverage specialized tools to scan for companies with specific vulnerabilities to exploit.
Platforms like Burp Suite automatically run scans every quarter, looking at millions of websites and applications and allowing individuals to narrow their search for vulnerable devices. These tools are becoming increasingly easy to use, which makes scans more valuable.
Given the cost of a cyberattack, vulnerability scans act as a cost-effective way to stay proactive in protecting your network by discovering and fixing vulnerabilities before attackers can find them.
Types of Vulnerability Scans
Ethical hacking or internal security teams can tune vulnerability scans to help detect specific vulnerable applications or areas that need improvement. Let’s take a look at a few different types of scan options.
Hacker-Powered Scans
Hacker-powered security uses a community-driven approach to vulnerability scanning by incentivizing freelance hackers to find bugs on public-facing systems. Bug bounty programs attract hackers by offering monetary rewards for each vulnerability they report. By using this method, organizations can have their system continuously tested throughout the lifecycle of the system.
Internal Scans
Internal scans run from inside the network using techniques such as privilege escalation. Internal scans can shed light on how well staff members implement permissions and help find vulnerabilities that an insider attack may use to access servers and other critical applications.
External Scans
External scans focus on assets that are online and connected to the internet. These could be employee login pages, remote access ports, or company websites. By vulnerability scanning externally, organizations can better understand how vulnerable their forward-facing online assets are and theorize how an attacker could exploit them.
Application-Based Vulnerability Scans
Application-based scanning focuses on a specific segment or aspect of the business. For example, scanning could be focused only on IoT devices or the corporate wireless network. Companies can understand how vulnerabilities could impact their uptime and availability when scanning specific applications depending on what systems are affected. These scans help non-technical teams understand and correlate vulnerabilities with risk to business operations.
Continuous Vulnerability Scanning
Continuous scanning scans networks regularly, usually on a set schedule. These scans can use probes inside and outside the network to produce a comprehensive report of the different vulnerabilities that need remediation. Continuous vulnerability scanning reassures businesses and lets administrators schedule scans once instead of running them manually every quarter.
Authenticated and Unauthenticated Scanning
Authenticated scanning gives the vulnerability scanner privileged credentials so it can move laterally and reach farther into the network. Unauthenticated scanning helps detect issues around the perimeter of a network and shows how an attacker could find weaknesses and vulnerabilities from outside. The benefit of authenticated vulnerability scanning is that it helps organizations identify permissions issues and weak accounts in the network.
Examples of Vulnerability Scanning Software
There are dozens of different tools that can help discover vulnerabilities. While these tools are great for finding vulnerabilities on a network, they still need to be administered by IT professionals who can properly run the scan, interpret the results, and then implement the necessary changes.
Let’s take a look at a few popular vulnerability scanning tools.
Qualys
The Qualys cloud platform is a suite of tools that helps businesses manage their auditing and compliance using automation and on-demand security intelligence. The platform uses a series of sensors to centralize security data and provide cybersecurity insights from a single location.
OpenVAS
OpenVAS is a fully-featured vulnerability scanner that uses multiple scanning techniques to help organizations identify a wide range of internal and external vulnerabilities. The platform has a dedicated community of testers and uses its own programming language for multi-platform flexibility.
Tenable
Tenable offers vulnerability management to help organizations understand and manage their cybersecurity risk. Tenable uses continuous monitoring instead of a single vulnerability scan to provide compliance reports, risk assessments, and threat monitoring.
Osmedeus
Osmedeus specializes in both vulnerability scanning and reconnaissance. The tool allows users to run several different in-depth scans and understand what information their network gives attackers during an attack’s research stage.
Network Mapper
Network Mapper, or Nmap, is an open-source vulnerability scanner used on networks to identify protocol vulnerabilities, view running services, and port-scan different addresses.
Rapid7
Rapid7 provides cybersecurity services from SIEM solutions to vulnerability management for enterprise organizations. The platform offers managed security services, product consultations, and certification programs.
Vulnerability Scans vs. Penetration Testing—What’s the Difference?
Vulnerability scans identify potential ways an attacker could exploit a network or application. Each vulnerability can be a possible doorway into a secure system if exploited. The vulnerability scan’s purpose is to find and patch those vulnerabilities before exploitation.
Penetration tests are performed to see how much of a network can be compromised. The tests also help organizations understand which systems are vulnerable and how they can remediate associated issues.
Penetration testing is a lengthy process that goes a step beyond vulnerability scanning by actually exploiting the identified vulnerabilities and running payloads on the network. While vulnerability scans show businesses the potential damage, penetration tests follow through with the attack.
Vulnerability scans are typically automated and run quarterly, while penetration testing is a manual test run annually by a security professional.
What to Do After Running a Vulnerability Scan
Depending on the type of scan and tool you use, you may be wondering what to do after the scan. The next steps vary with the type of vulnerability found. For example, a finding that relies on an old Windows XP vulnerability should be remediated by moving the affected application to a newer operating system.
Implementing fixes isn’t always straightforward and may require a more complex approach. Cross-site scripting flaws, SQL injection vulnerabilities, and unencrypted channels require an experienced professional to fix.
Professional scans and companies that run vulnerability scans as a service will usually offer a report outlining what the scan discovered and pairing each vulnerability with a recommended action.
When Vulnerability Scans Aren’t Enough
Standalone vulnerability scans can help companies identify problems but may do little to prioritize or fix issues. Businesses must be able to not only find vulnerable applications but fix them as well.
Attackers scan too, and adding hacker-powered security to your vulnerability scanning lets your organization improve its security posture beyond specific tools, traditional office hours, or a single security team. While there are many vulnerability scanners, bug bounty programs offer a more flexible way for businesses to secure their systems.
Pair vulnerability scanning with advanced triage to help minimize the attack window and meet internal SLA requirements. Enterprise networks may see hundreds of potential vulnerabilities during a scan, making it difficult to know where to start. HackerOne triage teams work on incoming vulnerability reports to remove false positives and duplicate alerts and to streamline the remediation process.
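The triage step described above (drop unverified hits, collapse duplicates, decide where to start, and attach an SLA date) is easy to show in code. The example below is added here and is not HackerOne's or any scanner's code; the findings, hostnames, scores and the CVE-0000-* ids are constructed placeholders, the CVSS bands are the standard v3 severity ranges, and the fix-by days in SLA_DAYS are an assumed policy you would replace with your own.

```python
from datetime import date, timedelta

# Constructed sample findings: what an unauthenticated external scan and an
# authenticated internal scan might report for the same small estate.
# Hostnames, ids (year 0000, so never real CVEs) and scores are made up.
RAW_FINDINGS = [
    {"host": "web-01.example.test", "port": 443, "id": "CVE-0000-0001",
     "cvss": 9.8, "exposure": "external", "confirmed": True},
    {"host": "web-01.example.test", "port": 443, "id": "CVE-0000-0001",
     "cvss": 9.8, "exposure": "internal", "confirmed": True},   # same issue, seen again
    {"host": "db-01.example.test", "port": 5432, "id": "CVE-0000-0002",
     "cvss": 7.5, "exposure": "internal", "confirmed": True},
    {"host": "web-02.example.test", "port": 80, "id": "CVE-0000-0003",
     "cvss": 5.3, "exposure": "external", "confirmed": False},  # banner-only guess, unverified
    {"host": "file-01.example.test", "port": 445, "id": "CVE-0000-0004",
     "cvss": 8.8, "exposure": "internal", "confirmed": True},
]
SCAN_DATE = date(2024, 1, 1)  # constructed date the scan completed

# Standard CVSS v3 qualitative bands, and an ASSUMED fix-by policy in days.
CVSS_BANDS = [(9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.1, "low")]
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180, "info": None}
EXPOSURE_RANK = {"external": 0, "internal": 1}  # lower value sorts first


def severity(cvss):
    """Map a CVSS base score to its qualitative band."""
    for floor, label in CVSS_BANDS:
        if cvss >= floor:
            return label
    return "info"


def dedupe(findings):
    """Collapse repeats of one issue on one host/port. If the same issue was
    seen from outside and inside, keep the external exposure (it is the more
    reachable one) but remember every vantage point it was seen from."""
    merged = {}
    for f in findings:
        key = (f["host"], f["port"], f["id"])
        if key not in merged:
            merged[key] = dict(f, seen_from={f["exposure"]})
            continue
        m = merged[key]
        m["seen_from"].add(f["exposure"])
        if EXPOSURE_RANK[f["exposure"]] < EXPOSURE_RANK[m["exposure"]]:
            m["exposure"] = f["exposure"]
        m["confirmed"] = m["confirmed"] or f["confirmed"]
    return list(merged.values())


def triage(findings, scanned_on):
    """Drop unconfirmed hits, rank by exposure then CVSS, attach SLA due dates."""
    queue = [f for f in dedupe(findings) if f["confirmed"]]
    queue.sort(key=lambda f: (EXPOSURE_RANK[f["exposure"]], -f["cvss"]))
    out = []
    for f in queue:
        sev = severity(f["cvss"])
        days = SLA_DAYS[sev]
        out.append({
            "host": f["host"], "port": f["port"], "id": f["id"],
            "severity": sev, "exposure": f["exposure"],
            "seen_from": sorted(f["seen_from"]),
            "due": scanned_on + timedelta(days=days) if days else None,
        })
    return out


if __name__ == "__main__":
    for row in triage(RAW_FINDINGS, SCAN_DATE):
        print(f'{row["due"]}  {row["severity"]:8} {row["exposure"]:8} '
              f'{row["host"]}:{row["port"]}  {row["id"]}')
```

The ordering puts internet-reachable issues ahead of internal ones before looking at the score, so an externally exposed critical on web-01 is worked first and the unverified banner match on web-02 never reaches the queue until someone confirms it. Five raw findings become a three-item remediation list with dates, which is the shape a report from a scanning service typically hands back.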
What are vulnerability lists?
A vulnerability list is a documented listing of common vulnerabilities. Each documented vulnerability is usually assigned an identification number, a description, and public references. These vulnerabilities have been found to occur commonly and often lead to the exploitation of systems on the internet.
There are various authentic sources of documented vulnerabilities, including the following:
Databases: These databases include various information on vulnerabilities. For instance, information might include security checklist references, security-related software flaws, misconfigurations, product names and impact metrics.
The following are some examples:
NVD by NIST: This is a repository managed by the U.S. government
CVE: This is managed by the MITRE Corporation and sponsored by the U.S. DHS
OWASP: OWASP manages a list of vulnerabilities in a project known as the OWASP Top 10. Here, vulnerabilities are classified based on their frequency of attack. The list is updated only as OWASP decides it is necessary, with several years often passing between updates
Exploit Database: This database of exploits is managed by Offensive Security
Vendor advisories: Software vendors may issue advisories on how to deal with security vulnerabilities by applying patches that fix these security issues.
The following are common vendors that take this approach to make security issues known:
Microsoft: Microsoft Security Response Center manages a comprehensive library of security documents that discusses security issues affecting Microsoft products
Adobe: Adobe manages a security advisory list where security issues are addressed and patches suggested
VMware: Security issues related to VMware’s virtualization are published here
CIRT lists and bulletins: These are groups that handle events that involve security breaches:
US-CERT: This is the USA’s national risk advisor. They are responsible for providing cybersecurity knowledge and advisories to ensure better risk management for organizations
SANS CIS Critical Security Controls: SANS provides security controls that help prevent today’s most prevalent cyberattacks
SANS Internet Storm Center: This is a security bulletin that often discusses security-related topics, especially those that are currently trending
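A vulnerability list is only useful once it is matched against what you actually run. The added example below (not code from NVD, MITRE or any of the sources above) takes entries in the shape the section describes, an identifier, a description and public references, plus the affected product and version range that NVD-style records carry, and correlates them with a constructed software inventory. The CVE-0000-* ids and the product names are placeholders; the identifier pattern is the published CVE-YYYY-NNNN syntax, and the version comparison assumes plain dotted numeric versions.

```python
import re

# Published CVE identifier syntax: "CVE-", a four-digit year, then 4+ digits.
CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed list entries (ids use year 0000 so they can never be real CVEs).
# "fixed_in" is the first version that is not affected; "introduced" is optional.
VULN_LIST = [
    {"id": "CVE-0000-1001", "product": "examplehttpd", "fixed_in": "2.4.10",
     "description": "Request smuggling in chunked decoder (constructed)",
     "refs": ["https://vendor.example/advisory/1"]},
    {"id": "CVE-0000-1002", "product": "exampledb", "introduced": "11.0", "fixed_in": "11.5",
     "description": "Privilege escalation via extension loader (constructed)",
     "refs": ["https://vendor.example/advisory/2"]},
    {"id": "NOT-A-CVE", "product": "exampledb", "fixed_in": "99.0",    # malformed id
     "description": "Typo'd entry that would otherwise match every version",
     "refs": []},
]

# Constructed inventory: what an authenticated scan or asset database might hold.
INVENTORY = [
    {"host": "web-01", "product": "examplehttpd", "version": "2.4.7"},
    {"host": "web-02", "product": "examplehttpd", "version": "2.4.12"},
    {"host": "db-01", "product": "exampledb", "version": "11.2"},
    {"host": "db-02", "product": "exampledb", "version": "10.9"},
]


def parse_version(v):
    """'2.4.10' -> (2, 4, 10) so that tuple comparison orders versions correctly
    (a plain string compare would put '2.4.10' before '2.4.7')."""
    return tuple(int(p) for p in v.split("."))


def load_entries(raw_entries):
    """Keep only entries with a well-formed identifier. Lists merged from several
    sources pick up typos and vendor-local ids; rejecting them keeps a bad entry
    from matching every asset."""
    return [e for e in raw_entries if CVE_ID.match(e["id"])]


def is_affected(item, entry):
    """True when the inventory item runs the entry's product inside its affected range."""
    if item["product"] != entry["product"]:
        return False
    v = parse_version(item["version"])
    if "introduced" in entry and v < parse_version(entry["introduced"]):
        return False
    return v < parse_version(entry["fixed_in"])


def correlate(inventory, raw_entries):
    """Map each host to the list of vulnerability ids that apply to it."""
    entries = load_entries(raw_entries)
    return {item["host"]: [e["id"] for e in entries if is_affected(item, e)]
            for item in inventory}


if __name__ == "__main__":
    by_id = {e["id"]: e for e in load_entries(VULN_LIST)}
    for host, ids in correlate(INVENTORY, VULN_LIST).items():
        for vid in ids:
            print(f'{host}: {vid} - {by_id[vid]["description"]} {by_id[vid]["refs"]}')
```

Running it flags web-01 (below the fixed version) and db-01 (inside the introduced-to-fixed window) and leaves web-02 and db-02 clean; the malformed "NOT-A-CVE" entry is discarded before matching. The same structure works for whichever source you pull from, as long as you normalise each feed into the id/product/range shape first.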