Vulnerability Management
and
Penetration Testing
What is Vulnerability Management?
Vulnerability management is the process of continuously identifying, evaluating, treating, and reporting vulnerabilities.
Vulnerability management deals with security-relevant vulnerabilities in IT systems. It is an ongoing process aimed at identifying vulnerabilities in the IT infrastructure, assessing their severity and providing a list of measures to be taken to eliminate them.
Vulnerability management & Penetration Testing
In general, vulnerability assessment is the process of discovering and analyzing vulnerabilities, and penetration testing is the process of exploiting those vulnerabilities to help determine the best mitigation technique.
Complete Guide to Vulnerability Assessment:
1. How to Identify Vulnerability (Identification)
a) Perform a vulnerability scan to identify all vulnerabilities, listed by CVE (Common Vulnerabilities and Exposures) identifier. Many tools are available on the market to perform this (e.g. Nessus, Fortify, SonarQube, Burp Suite, Rapid7, Nmap, Metasploit, etc.).
b) Misconfiguration can lead to vulnerability; misconfiguration can result in brute-force attempts and exploits.
c) Technology that is insecure by design is also a kind of vulnerability.
d) API vulnerabilities: malicious actors can exploit insecure APIs by launching denial-of-service (DoS) attacks and code injections, both of which allow unauthorized access to company data.
e) End of Life (EOL) and End of Service (EOS) components are also a type of vulnerable component.
f) A zero-day vulnerability is an undiscovered flaw in an application or operating system, a gap in security for which there is no defense or patch because the software maker does not know it exists.
2. Vulnerability Prioritization (Evaluation)
3. Vulnerability Remediation and Reporting
A vulnerability can be treated in multiple ways:
Based on priority (CVSS rating), a CVE can be fixed by applying a patch. Check the NVD (National Vulnerability Database) entry for that CVE to see whether a patch is available. Most organizations apply patches together with the network team and through a change governance process.
Check whether it can be handled at the network security or WAF (Web Application Firewall) level.
Application Whitelisting
System hardening (which includes server, database, OS hardening, etc.)
Replacement of the affected system.
When a Vulnerability Cannot Be Fixed: What Actions Should Be Taken?
Check the possible system configuration and try to modify/change it to reduce the risk.
Consider the possibility of fixing the vulnerability via remote command execution.
Isolate the vulnerable system to reduce the attack surface.
A front-end public-facing application can be placed behind a VPN to control inbound and outbound traffic.
Study the possibility to stop the affected service.
Strengthen the data backup policy to minimise data loss.
Monitor the system very closely.
Study the possibility for temporary replacement.
One example of how to perform Vulnerability Assessment and Penetration Testing
There are multiple open-source or paid tools available on the market to perform a VAPT scan. This illustration is based on Nessus, Nmap and Metasploit.
Install the Nessus plugin.
Put the IP address in the Targets field. Multiple IP addresses can be placed (e.g. 162.19.18.24 - 162.19.18.32). The free version of Nessus allows scanning a maximum of 16 hosts.
Run the scan and wait until it is completed.
Once the scan is completed, Nessus provides the details with severity (High, Medium and Low).
We can download this report for further action to remediate the vulnerabilities.
The report can be downloaded in PDF or CSV format.
Based on the extracted scan report, look for the CVE number to apply patches.
Let's carry out Penetration Testing with the same example:
One CVE or vulnerability is considered which is exploitable (refer to the screenshot; it is mentioned on the Nessus screen).
Take one vulnerability which is exploitable.
Go to the Nmap and Metasploit window.
Let's consider one CVE on the host with IP address 192.168.1.5.
Use a payload to combine with the exploit for the vulnerability (refer to the screenshot).
Set the payload: set payload/shell_reverse_tcp
Take a backup of the attacker system first, before exploiting.
Install a password cracking tool to crack the username and password of the attacker machine.
Exploit the vulnerability and access the victim machine.
Meterpreter is a Metasploit attack payload that provides an interactive shell to the attacker, from which to explore the target machine and execute code.
Application security testing is a method of testing the security of a web application.
Static Application Security Testing (SAST)
Tools: Checkmarx, Micro Focus, etc.
Dynamic Application Security Testing (DAST)
Tools: Synopsys, Veracode, Invicti, etc.
Interactive Application Security Testing (IAST)
Tools: Invicti, etc.
OWASP Top 10 (The Open Web Application Security Project )
The OWASP Top 10 is a list of the 10 most common web application security risks. By writing code and performing robust testing with these risks in mind, developers can create secure applications that keep their users' confidential data safe from attackers.
SQL Injection (SQLi) is a type of injection attack that makes it possible to execute malicious SQL statements. These statements control a database server behind a web application. Attackers can use SQL Injection vulnerabilities to bypass application security measures.
How Does SQL Injection Work?
A SQL query executes on the database and, based on the user credentials (username and password), extracts the data:
SELECT * FROM <table_name> WHERE username = 'abc' AND password = 'xyz'
An attacker uses a malicious payload (for example ' OR 1=1 -- as shown below) to comment out the password portion and make the username portion evaluate to 'true', which helps to extract values from the database.
SELECT * FROM <table_name> WHERE username = '' OR 1=1-- ' AND password = ' ...
How Does SQL Work On a Website?
A website has three major components: frontend, backend and database.
At the frontend, a website is designed using HTML, CSS, and JavaScript. At the backend, you have scripting languages such as Python, PHP, Perl, etc. The server side has databases such as MySQL, Oracle, and MS SQL Server to execute the queries.
When you write a query, you generally send a GET request to the website. Then, you receive a response from the website with HTML code.
Using the Postman API tool, you can test the responses that you get from various websites.
How to Prevent SQL Injection:
Use bind parameters (i.e. use this function to pass the username/password field values as parameters: Uname = $bind_parameter(select * from <table_name> .......))
Form validation: do not hardcode any link or parameter inside the code; every time, the page should load from the server side to fetch the data. In case input validation is missing, output encoding provides another layer to check this.
Limit the characters of the password field (i.e. use typecasting, whitelisting, encoding, etc.)
Use the function "mysqli_real_escape_string"
$email = mysqli_real_escape_string($db_con, $_POST['email']); for example, this will not allow (admin') to reach the query unchanged: the quote after the word admin is escaped (admin\').
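As an added example (not from the original slides), the login query from the SQL-injection explanation above and the bind-parameter fix from the prevention list, run side by side against a constructed in-memory SQLite table; the `users` table, the `abc`/`xyz` credentials and the `admin` row are assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample data for the demonstration (assumption, not from the slides).
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("abc", "xyz"), ("admin", "s3cret")],
    )
    return con


def login_vulnerable(con, username, password):
    # Same shape as the slide's query: user input is concatenated into the SQL
    # text, so a quote or a comment marker in the input changes the statement.
    sql = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return [row[0] for row in con.execute(sql)]


def login_parameterized(con, username, password):
    # Bind parameters: the driver passes the values separately from the SQL
    # text, so the payload is compared as a literal string and matches nothing.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in con.execute(sql, (username, password))]


def demo():
    con = make_db()
    payload = "' OR 1=1--"  # the payload shown on the slide
    return {
        # legitimate credentials work in both variants
        "legit_vulnerable": login_vulnerable(con, "abc", "xyz"),
        "legit_parameterized": login_parameterized(con, "abc", "xyz"),
        # injected username: the concatenated query becomes
        #   ... WHERE username = '' OR 1=1--' AND password = 'anything'
        # and the password check is commented out, returning every user
        "injected_vulnerable": login_vulnerable(con, payload, "anything"),
        # the bound version returns no rows for the same input
        "injected_parameterized": login_parameterized(con, payload, "anything"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```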
What is Cross Site Scripting (XSS)
Cross-site scripting is a code injection attack executed on the client side of a web application.
Stored (persistent) cross-site scripting (XSS) happens when an attacker injects malicious code into the target application (for example, through a forum post or a comment) and this content is permanently stored (for example, in a database).
Reflected (non-persistent) cross-site scripting (XSS) happens when an attacker uses a malicious link, phishing email, or another social engineering technique to lure the victim into making a request to the server and this request contains malicious code.
DOM-based cross-site scripting (XSS) happens when the web application writes user input to the Document Object Model (DOM), then reads the data from the DOM and executes it in the browser.
A zero-day vulnerability is an undiscovered flaw in an application or operating system, a gap in security for which there is no defense or patch because the software maker does not know it exists; they have had "zero days" to prepare an effective response.