CompTIA Security+
Vulnerability Testing
Vulnerability Scanning
- Vulnerability - A flaw in a system that can leave it open to attack. A vulnerability may also refer to any type of weakness in a computer system itself, in a set of procedures, or in anything that leaves information security exposed to a threat.
- Vulnerability Scanning - An inspection of the potential points of exploit on a computer or network to identify security holes. A vulnerability scan detects and classifies system weaknesses in computers, networks, and communications equipment and predicts the effectiveness of countermeasures.
Assessment
- Goal is to identify:
- System, network, or application weaknesses.
- Unpatched or not-updated systems or applications.
- Common misconfigurations.
- A lack of security controls.
Assessment Process
- Passively test security controls.
- Does not exploit a vulnerability.
- Identify vulnerability, system flaw, or unpatched code.
- Identify lack of security controls.
- Identify common misconfigurations by reviewing system settings, policies, or rule sets.
Assessment Types
- Intrusive vs Non-Intrusive - See passive vs Active Reconnaissance.
- Intrusive: Directly engaging on the target system to identify weaknesses that could be used to launch an attack.
- Non-intrusive: Gain vulnerability information about targeted computers and networks without actively engaging with the systems.
- Example: Qualys SSL Labs (https://www.ssllabs.com/ssltest/)
- Credentialed vs Non-Credentialed - Whether or not authentication credentials (user IDs & passwords) are used in scanning. Credentialed has lesser risks and may provide more information, but isn't as realistic.
- False Positive - Occurs when a scan mistakenly identifies a vulnerability when it is not.