Module 05: Vulnerability Analysis
Overview of Vulnerability Assessment
A vulnerability refers to a weakness in the design or implementation of a system that can be exploited to compromise the security of the system. It is frequently a security loophole that enables an attacker to enter the system by bypassing user authentication. There are generally two main causes for vulnerable systems in a network, software or hardware misconfiguration and poor programming practices. Attackers exploit these vulnerabilities to perform various types of attacks on organizational resources.
Lab 1: Perform Vulnerability Research with Vulnerability Scoring Systems and Databases
Overview of Vulnerabilities in Vulnerability Scoring Systems and Databases
Vulnerability databases collect and maintain information about various vulnerabilities present in the information systems.
The following are some of the vulnerability scoring systems and databases:
Common Weakness Enumeration (CWE)
Common Vulnerabilities and Exposures (CVE)
National Vulnerability Database (NVD)
Common Vulnerability Scoring System (CVSS)
Task 1: Perform Vulnerability Research in Common Weakness Enumeration (CWE)
Common Weakness Enumeration (CWE) is a category system for software vulnerabilities and weaknesses. It has numerous categories of weaknesses that means that CWE can be effectively employed by the community as a baseline for weakness identification, mitigation, and prevention efforts. Further, CWE has an advanced search technique with which you can search and view the weaknesses based on research concepts, development concepts, and architectural concepts.
Task 2: Perform Vulnerability Research in Common Vulnerabilities and Exposures (CVE)
Common Vulnerabilities and Exposures (CVE) is a publicly available and free-to-use list or dictionary of standardized identifiers for common software vulnerabilities and exposures. It is used to discuss or share information about a unique software or firmware vulnerability, provides a baseline for tool evaluation, and enables data exchange for cybersecurity automation.
Task 3: Perform Vulnerability Research in National Vulnerability Database (NVD)
The National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). These data enable the automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
Lab 2: Perform Vulnerability Assessment using Various Vulnerability Assessment Tools
Overview of Vulnerability Assessment
A vulnerability assessment is an in-depth examination of the ability of a system or application, including current security procedures and controls, to withstand exploitation. It scans networks for known security weaknesses, and recognizes, measures, and classifies security vulnerabilities in computer systems, networks, and communication channels. It identifies, quantifies, and ranks possible vulnerabilities to threats in a system. Additionally, it assists security professionals in securing the network by identifying security loopholes or vulnerabilities in the current security mechanism before attackers can exploit them.
There are two approaches to network vulnerability scanning:
Active Scanning
Passive Scanning
Task 1: Perform Vulnerability Analysis using OpenVAS
OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. Its capabilities include unauthenticated testing, authenticated testing, various high level and low-level Internet and industrial protocols, performance tuning for large-scale scans, and a powerful internal programming language to implement any vulnerability test. The actual security scanner is accompanied with a regularly updated feed of Network Vulnerability Tests (NVTs)—over 50,000 in total.
Launch OpenVAS tool
OpenVAS is an automated network scanning tool. It can be used by following the documentation provided on the OpenVAS website.
Task 2: Perform Vulnerability Scanning using Nessus
Nessus is an assessment solution for identifying vulnerabilities, configuration issues, and malware, which can be used to penetrate networks. It performs vulnerability, configuration, and compliance assessment. It supports various technologies such as OSes, network devices, hypervisors, databases, tablets/phones, web servers, and critical infrastructure.
Nessus is an automated network scanning tool. It can be used by following the documentation provided on the Nessus website.
Task 3: Perform Web Servers and Applications Vulnerability Scanning using CGI Scanner Nikto
Nikto is an Open Source (GPL) web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files and HTTP server options; it will also attempt to identify installed web servers and software.
Nikto is an automated Web Application scanning tool. It can be used by following the documentation provided on the Nikto website.
Hacker's Mantra:Hacking is like sex, you need breath, in the last step, you feel incredible pleasure and the best time to practice it is at night. - Amine Essiraj