4.1 Flashcards
vulnerability assessment
a testing methodology used to recognize and assign severity levels to as many security defects as possible in a timeframe
vulnerability assessment process usually involves:
- manual and automated techniques with varying degrees of precision, with an emphasis on comprehensive coverage
SAST tools are also known as:
code analyzers that conduct a direct white-box analysis of the application source code
- The analysis runs on a static view of code, in that the code is not running at the time of the assessment
DAST tools are most often:
web scanners like OWASP ZAP and Burp Suite (vulnerability scanners)
what does DAST perform?
They perform know-nothing testing, in that they do not have access to the code or the implementation specifics
* A DAST tool will only inspect the system's responses to a series of tests designed to highlight vulnerabilities
package monitoring
- Processes and tools that troubleshoot application performance issues in Dev, QA, and production environments with:
  - Code-level insights
  - Distributed transaction tracing
  - Application service maps, and more
Vulnerability scanning
is the process of identifying known and unknown weaknesses in systems, applications, services, and policies using tools
- Vulnerability scanning is an easier and often more focused process looking for unpatched systems, misconfigurations, and open ports
* pen testing uses vulnerability scanning
network scanners
can be used to scan IP addresses, ports, and device locations presented in a customized graphical XML view
* Most provide network monitoring and management capabilities to detect, diagnose, and resolve network issues and outages
* wireless networks mainly
* Active malware worms are also considered network scanners
web scanner
- The most common vulnerability scanners will test web applications and services to look for:
  - Cross-site scripting and request forgery
  - SQL and other command injection
  - Broken authentication and session management
  - Insecure direct object references
  - Insecure server configuration (XML, PHP, etc.)
  - Exposing sensitive data
compliance scanning
- Compliance audit decides if a system is configured in agreement with a recognized governance policy, whereas a vulnerability scan determines if the system is exposed to known vulnerabilities
- Sometimes compliance involves auditing more sensitive data and systems
penetration testing
- Penetration testing is security testing in which assessors simulate real-world attacks to identify methods for evading the security features of an application, system, or network
Penetration testing can also be useful for determining:
- How well the system tolerates real-world-style attack patterns
- The likely level of sophistication an attacker needs to successfully compromise the system
- Additional countermeasures that could mitigate threats against the system
- The defenders' ability to detect attacks and respond appropriately
Pre-engagement meetings determine a variety of elements:
- Scoping and restrictions
- Pricing and cost structure
- Know-all, know-nothing (clear/opaque or viewed/hidden or visible/invisible)
- Credentialed vs. non-credentialed
- Bug bounties
- Intrusive vs. non-intrusive
PENETRATION TESTING LIFE CYCLE
- info gathering
- threat modeling
- vulnerability analysis
- exploitation
- post exploitation
- reporting
vulnerability response and remediation
- Additional control implementation
- Patch management (tested)
- Insurance
- Segmentation and compartmentalization
- Compensating controls
- Exceptions and exemptions