Vulnerability Testing: A Detailed Guide-SOUTECH guide

Vulnerability Testing: A Detailed Guide-SOUTECH guide

One of the major challenges which the cybersecurity world is facing is the way vulnerabilities are classified or grouped. Many security vendors, professionals and product developers have given different names the same type of vulnerabilities and it has grown to become a confusing idea to security practitioners when performing tests. This is the reason why some organisations such as CVE (Common Vulnerabilities and Exposures have come together to develop a common language for vulnerabilities.

The CVE which is sponsored by the Mitre Corporation, has set up a standard for which naming security vulnerabilities conventionally in other to make it easier to discuss, perform and document. A complete list of CVE for vulnerability testing can be downloaded from CVE.

CVE standard has been deployed by many security products to name but a few such as;

  • Nessus Security scanner
  • STAT (Security Threat Avoidance Technology
  • Internet Scanner by ISS (Internet Security Systems)

Types of Vulnerability Scanners

Vulnerability scanners can be classified into;

  1. Host Based vulnerability scanners
  • It identifies the issues that are inherent in the host system.
  • This process of scanning is performed by using host-based scanners to check for the vulnerabilities.
  • When the host-based tools load the mediator software to the target system, it traces the events that have occurred and sends the report to the security analyst for analysis and decide the next move.
  1. Network Based vulnerability scanners
  • This process is performed using Network-based Scanners.
  • The function of the network-based scanners is to detect the open ports, identify the unknown services and active and running ports.
  • It then gives a result of all the possible vulnerabilities that are associated with these services.
  1. Database Based Vulnerability scanners
  • The database -based vulnerability scanners will identify the security loopholes in the database
  • Here, tools and techniques are applied to test if the database is susceptible to SQL injections. The tester performs an SQL injecting SQL queries into the database in to read any sensitive data from the database. If there are any loopholes, the cyber security expert then updates the data in the data and tries to patch the security issue.

Steps for Performing Vulnerability Testing

The full methodologies on how to perform Vulnerability testing can be found in my previous article on vulnerability testing. I will describe briefly the steps that can be used to carry out any vulnerability test.

1.Check for Live Hosts: Here we have to check if the host is alive on the network. We can also

  • detect firewalls in the network
  • Probe for open ports such as UDP and TCP ports and other ports
  • TCP ports such as 1-111, 135,139, 443, 445 etc.
  • UDP ports such as 53, 111, 135, 137, 161 and 500

Whether or not the target is alive or offline, the scan can still be done.

2. Detect Firewalls: Here we try to determine there is a firewall in front of the target system. This is because some systems may appear to be offline but in the actually sense they are just protected by firewalls to be off and can still be open to attacks.

This test also attempts to gather a lot of network information from the target network especially when doing UDP and TCP probing.

3. Determine Open services and ports: In this step, we try to scan the UDP and TCP ports in other to discover the ports and services that are open. The ports to be probed are UDP and TCP ports 65-535 and in most setups, it is recommended to use the best scan probes to save the network bandwidth and the network time. So during the performance of an indepth scan, the use of full profiled scan probes are recommended.

4. Detection of Operating Systems and Versions: This involves discovering the OS versions and the services in other to optimize it. Once the process of UDP and TCP port scanning have been over, the pen tester uses different techniques in other to identify the OS that is running on the target host and network.

5. Perform a profiled Vulnerability scan: A profiled scan is applied in order to get an optimized vulnerability scanning result. Profiled scans include;

  • Best scan to get popular ports
  • Quick Scan to get most common ports
  • Firewall scan by performing stealth scan
  • Aggressive Scan by performing full scan, exploits and for DOS attacks

6. Developing a detailed Report: There are different formats to generate reports and the outputs of risk analysis and remediation suggestions. You can read the the OWASP full vulnerability scan documents to get a template for presenting your reports.

Vulnerability Testing Tools

Vulnerability testing tools can be classified into  Host-based tools and Data-based tools. I will describe a few tools which are efficient for performing vulnerability assessment.

Category

Tool

Description

Host-Based STAT It scans multiple systems on the network.
  TARA An acronym for Tiger Analytical Research Assistant. It is a unix-based system scanner which detects a set of known vulnerabilities in the local host of the network.
  Cain and Abel It can be used for cracking HTTP passwords and for retrieving passwords by sniffing the network.
  Metasploit It is an open source platform on linux for developing, testing and exploit of codes.
  WireShark This is an open Source network protocol analyzing tool that runs on both Linux and Windows platforms. Used to sniff the services running on the network.
  Nmap This is also an open source utility tool for carrying out security audits.
  Nessus This is an agent-less platform for auditing, reporting and carrying out patch management integration.
Database-based SQL diet A tool door for the SQL server for performing dictionary attacks.
  Secure Auditor It enables a user to carryout enumeration, network scanning, auditing and also perform penetration testing and forensic on the operating systems.
  DB-scan It is a tool used for the detection of trojans on the database, and also detecting hidden trojans by performing baseline scanning.

 

Advantages of Vulnerability Assessment

The common advantages of performing vulnerability assessments are;

  • There are readily available open source tools for performing vulnerability assessments.
  • It provides a platform to identify, detect and curb almost all vulnerabilities inherent on any system.
  • Some of the afore mentioned tools are automated for scanning.
  • These vulnerability assessment tools are easy to run on a regular basis.

Disadvantages of Vulnerability Assessment

  • There is an increase in the rate of false positive results
  • A vulnerability assessment tool can easily be detected by an Intrusion Detection System (IDS)/Firewall.
  • Sometimes recent and latest vulnerabilities can be hardly noticed.

Vulnerability Assessment vs Penetration Testing

Vulnerability Assessment Penetration Testing
Functionality To discover Vulnerabilities To Identify and exploit known vulnerabilities
Mechanism For discovery & scanning Perform simulations
Focal point Considers breadth over depth Considers depth over breadth
Coverage of Completeness High Low
Cost of Use Low to Moderate High
Tester House staff An attacker or Penetration Tester
Tester Knowledge High Low
How often is being run Run after every single equipment is loaded Run once in a year or quarterly depending on organizations policy
Results provided Gives partial and inconclusive details about the Vulnerabilities It gives a complete detail of all the  identified vulnerabilities

When performing vulnerability testing, you must know that it depends on two major mechanisms which are vulnerability assessment and penetration testing which I have been able to differentiate summarily. Now, these two test methods differ from each other in the areas of the tasks they perform and the weight of their performance levels.

However, if one must achieve a comprehensive and well detailed vulnerability testing with reports, a combination of both methods is always recommended.

We at Soutech web consults have a professional team that can carry out well organized and detailed vulnerability testing on your organization. Do well to contact us today on our website.

 

 

 

 

 

 

 

 

 

 

Share this post