A vulnerability is any mistakes or weakness in the system security procedures, design, implementation or any internal control that may result in the violation of system's security policy Or, in other words, the possibility for intruders (hackers) to get unauthorized access.
In this tutorial, you will learn-
Vulnerability Assessment is a software testing technique performed to evaluate the sudden increase of risks involved in the system in order to reduce the probability of the event.
It depends on two mechanisms:-
1. Vulnerability Assessment
2. Penetration Testing
Why to do Vulnerability Assessment
- It is important for the security of the organization.
- The process of locating and reporting the vulnerabilities, which provide a way to detect and resolve security problems by ranking the vulnerabilities before someone or something can exploit them.
- In this process Operating systems, Application Software and Network are scanned in order to identify the occurrence of vulnerabilities, which include inappropriate software design, insecure authentication, etc.
1. Goals& Objectives: - Defines goals and objectives of Vulnerability Analysis
2. Scope: - While performing the Assessment and Test, Scope of the Assignment needs to be clearly defined.
The following are the three possible scopes exist:
- Black Box Testing: - Testing from an external network with no prior knowledge of the internal network and systems.
- Grey Box Testing: - Testing from either external or internal networks, with the knowledge of internal network and system. It's the combination of both Black Box Testing and White Box Testing.
- White Box Testing: - Testing within the internal network with the knowledge of internal network and system. Also known as Internal Testing.
3. Information Gathering: - Obtaining as much information about IT environment such as Networks, IP Address, Operating System Version, etc. It's applicable to all the three types of Scopes such as Black Box Testing, Grey Box Testing and White Box Testing
4. Vulnerability Detection: -In this process, vulnerability scanners are used, it will scan the IT environment and will identify the vulnerabilities.
5. Information Analysis and Planning: - It will analyze the identified vulnerabilities, to devise a plan for penetrating into the network and systems.
- Begin Documentation
- Secure Permission
- Update Tools
- Configure Tools
- Test Execution:
- Run the Tools
- Run the captured data packet (A packet is the unit of data that is routed between an origin and the destination. When any file (e-mail message, HTML file, Uniform Resource Locator(URL) request, etc. ..) is sent from one place to another on the internet, the TCP layer of TCP/IP divides the file into a number of "chunks" for efficient routing, and each of these chunks will be uniquely numbered and will include the Internet address of the destination. These chunks are called packet. When they have all arrived, they will be reassembled into the original file by the TCP layer at the receiving end. , while running the assessment tools
- Vulnerability Analysis:
- Defining and classifying network or System resources.
- Assigning priority to the resource( Ex: - High, Medium, Low)
- Identifying potential threats to each resource.
- Developing a strategy to deal with the most prioritize problems first.
- Defining and implementing ways to minimize the consequences if an attack occurs.
- The process of fixing the vulnerabilities.
- For every vulnerability
- Host Based
- Identifies the issues in the host or the system.
- The process is carried out by using host-based scanners and diagnose the vulnerabilities.
- The host-based tools will load a mediator software onto the target system; it will trace the event and report it to the security analyst.
- Network Based
- It will detect the open port, and identify the unknown services running on these ports. Then it will disclose possible vulnerabilities associated with these services.
- This process is done by using Network-based Scanners.
- Database Based
- It will identify the security exposure in the database systems using tools and techniques to prevent from SQL Injections. (SQL Injections: - Injecting SQL statements into the database by the malicious users, which can read the sensitive data's from database and can update the data in the Database.)
|Host Based||STAT||Scan multiple systems in the network.|
|TARA||Tiger Analytical Research Assistant.|
|Cain & Abel||Recover password by sniffing network, cracking http password.|
|Metasploit||Open source platform for developing, testing and exploit code.|
|Network Based||Cisco Secure Scanner||Diagnose and Repair Security Problems.|
|WireShark||Open Source Network Protocol Analyzer for Linux and Windows.|
|Nmap||Free Open Source utility for security auditing.|
|Nessus||Agent less auditing, Reporting and patch management integration.|
|Database Based||SQL diet||Dictionary Attack tool door for SQL server.|
|Secure Auditor||Enable user to perform enumeration, scanning, auditing and penetration testing and forensic on OS.|
|DB-scan||Detection of Trojan of database, detecting hidden Trojan by baseline scanning.|
- Open Source tools are available.
- Identifies almost all vulnerabilities
- Automated for Scanning.
- Easy to run on regular basis.
- High false positive rate
- Can easily detect by Intrusion Detection System Firewall.
- Often fail to notice the latest vulnerabilities.
|Vulnerability Assessment||Penetration Testing|
|Working||Discover Vulnerabilities||Identify and Exploit Vulnerabilities|
|Mechanism||Discovery & Scanning||Simulation|
|Focus||Breadth over Depth||Depth over Breadth|
|Coverage of Completeness||High||Low|
|Performed By||In house Staff||Attacker or Pen Tester|
|How often to Run||After each equipment is loaded||Once in a year|
|Result||Provide Partial Details about Vulnerabilities||Provide Complete Details of Vulnerabilities|
- Inactive Testing, a tester introduces new test data and analyzes the results.
- During the testing process, the testers create a mental model of the process, and it will grow further during the interaction with the software under test.
- While doing the test, the tester will actively involve in the process of finding out the new test cases and new ideas. That's why it is called Active Testing.
- Passive testing, monitoring the result of running software under test without introducing new test cases or data
- Network Testing is the process of measuring and recording the current state of network operation over a period of time.
- Testing is mainly done for predicting the network operation under load or to find out the problems created by new services.
- We need to Test the following Network Characteristics:-
1. Utilization levels
2. Number of Users
3. Application Utilization
- Distributed Tests are applied for testing distributed applications, which means, the applications that are working with multiple clients simultaneously. Basically, testing a distributed application means testing its client and server parts separately, but by using distributed testing method, we can test them all together.
- The test parts will interact with each other during the Test Run. This makes them synchronized in an appropriate manner. Synchronization is one of the most crucial points in distributed testing.
Vulnerability Testing depends upon two mechanisms namely Vulnerability Assessment and Penetration Testing. Both these tests differ from each other in strength and tasks that they perform. However, to achieve a comprehensive report on Vulnerability Testing, the combination of both procedures is recommended.
This article is contributed by Syamini Sreedharan