Vulnerability Testing

Vulnerability Scanning

  • Vulnerability - A flaw in a system that can leave it open to attack. A vulnerability may also refer to any type of weakness in a computer system itself, in a set of procedures, or in anything that leaves information security exposed to a threat.

  • Vulnerability Scanning - An inspection of the potential points of exploit on a computer or network to identify security holes. A vulnerability scan detects and classifies system weaknesses in computers, networks, and communications equipment and predicts the effectiveness of countermeasures.

Assessment

  • Goal is to identify:

    • System, network, or application weaknesses.

    • Unpatched or not-updated systems or applications.

    • Common misconfigurations.

    • A lack of security controls.

Assessment Process

  • Passively test security controls.

    • Does not exploit a vulnerability.

  • Identify vulnerability, system flaw, or unpatched code.

  • Identify lack of security controls.

  • Identify common misconfigurations by reviewing system settings, policies, or rule sets.

Assessment Types

  • Intrusive vs Non-Intrusive - See Passive vs Active Reconnaissance.

    • Intrusive: Directly engaging with the target system to identify weaknesses that could be used to launch an attack.

    • Non-intrusive: Gaining vulnerability information about targeted computers and networks without actively engaging with the systems.

      • Example: Qualys SSL Labs (https://www.ssllabs.com/ssltest/)

  • Credentialed vs Non-Credentialed - Whether or not authentication credentials (user IDs & passwords) are used in scanning. A credentialed scan carries less risk and may provide more information, but isn't as realistic.

  • False Positive - Occurs when a scan mistakenly identifies something as a vulnerability when it is not one.

Backdoor Applications