adam's notes

Vulnerability Analysis Methods

Map/Discovery Scan

A map/discovery scan identifies the devices connected to a network or network segment.

  • can be complicated due to:
    • highly segmented networks
    • router ACLs
    • device connection via VPN
    • host-based firewalls
  • helps locate rogue devices
  • are simple discovery scanner tools and more sophisticated vuln scanners
    • vuln scanners can leverage agents or credentials for more reliable host discovery

Device Fingerprinting

Fingerprinting is identifying the type and version of an operating system (or server application) by analyzing its responses to network scans.

  • focus attention on an individual device to better understand its purpose, vendor, software versions, configuration details, and the existence of vulnerabilities

Static Analysis

Static analysis is the process of reviewing uncompiled source code either manually or using automated tools.

  • can be performed in a many ways:
    • manual inspection of source code in order to identify vulnerabilities in programming techniques
    • uses specialty applications or add-ons to development tools that are designed to look for well-known programming methods and constructs that are known to be problematic

Dynamic Analysis

Dynamic analysis is software testing that examines code behavior during runtime.

  • Evaluation tasks may be:
    • manual interactions with the features and functions that comprise the system, application
    • or interactions that leverage the power of specialized tools

Fuzzing

Fuzzing is a dynamic code analysis technique that involves sending a running application random and unusual input so as to evaluate how the app responds.

A fuzzer is the tool used to automatically generate and inject the malformed data.

  • generally use different number formats, character types, text values, and/or binary values as it operates and includes sequences and values known to be problematic
    • e.g.,
      • very large, zero, or negative numbers
      • URLs instead of typical values
      • escaped or interpretable sequences such as SQL commands

Reverse Engineering

Reverse engineering is the process of analyzing the structure of hardware or software to reveal more about how it functions.

  • objective is to determine how much information can be extracted from delivered software
  • can find:
    • source code
    • software methods
    • programming language
    • developer commands
    • variables names and types
    • system web calls
    • etc.
  • can be done on software and hardware

Compliance Scans and Regulatory Requirements

  • Compliance and regulations usually have a security framework or checklist
    • can be added to security software tools like IDS, SIEM, and vulnerability scanners to check for deviations from the template

Graph View

Backlinks