Vulnerability Scanning - CompTIA Security+ SY0-701 - 4.3
Understanding Vulnerability Scans
What are Vulnerability Scans?
- Vulnerability scans assess if a system is susceptible to attacks without executing an actual attack, distinguishing them from penetration tests.
- A basic example of a vulnerability scan is a port scan, which identifies open and closed ports on a system. Open ports may present potential vulnerabilities for attackers.
- These scans help identify vulnerable systems before attackers do, often focusing on external threats but also considering insider threats.
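The port scan mentioned above, written out as an added example (not part of these course notes): a plain TCP connect() scan run against the machine's own loopback interface, which is how a defender checks what a host actually exposes. The listener, the reserved "closed" port and the `demo()` wrapper are assumptions made so the example can run without any external target.

```python
import socket
from contextlib import closing

def start_local_listener():
    """Open a listening TCP socket on 127.0.0.1 on an OS-chosen port.
    Returns (socket, port); the caller closes the socket when done."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]

def reserve_unused_port():
    """Bind and immediately release a port so we have one that is known to be closed."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def probe_port(host, port, timeout=0.5):
    """TCP connect() probe for one port: 'open' if the handshake completes,
    'closed' if the host actively refuses, 'filtered' if nothing answers in time."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, OSError):
            return "filtered"

def scan_ports(host, ports, timeout=0.5):
    """Probe each port and return {port: state}. The scan only checks
    reachability; it never sends application-level traffic, which is what
    separates a vulnerability scan from an actual attack."""
    return {port: probe_port(host, port, timeout) for port in ports}

def demo():
    """Scan our own loopback interface: one port we know is listening and one we know is not."""
    srv, listening = start_local_listener()
    try:
        unused = reserve_unused_port()
        states = scan_ports("127.0.0.1", [listening, unused])
        return {"listening_port_state": states[listening],
                "unused_port_state": states[unused]}
    finally:
        srv.close()

if __name__ == "__main__":
    print(demo())
```

An open port is only a lead: the scanner still has to identify the service behind it and compare its version against known weaknesses before anything on the report deserves the label "vulnerability".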
Challenges with Vulnerability Scans
- Vulnerability scans can generate extensive data, not all of which is accurate; thus, post-scan analysis is necessary to filter out false positives.
- Reports categorize vulnerabilities by severity (critical, high, medium, low), necessitating careful review and verification before any remediation actions.
Analyzing Scan Results
- Critical findings often involve widely deployed packages such as OpenSSH or OpenSSL; one example is a flaw in the random number generator that produced weak SSH host keys.
- Unsupported operating systems detected during scans pose significant risks as they cannot receive security updates or patches.
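The post-scan analysis described in the two sections above (severity ranking, false-positive filtering, and the special case of an unsupported operating system), as an added example that is not part of these notes. The findings, host addresses, plugin names and the asset inventory are all constructed; a real scanner's output format will differ, but the triage logic is the same.

```python
from collections import Counter

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}

# Constructed sample scan output (hosts, plugin ids and evidence strings are invented).
SAMPLE_FINDINGS = [
    {"host": "10.0.0.5", "plugin": "ssh-weak-hostkey", "severity": "critical",
     "component": "openssh", "evidence": "host key generated by a weak RNG"},
    {"host": "10.0.0.5", "plugin": "ssh-weak-hostkey", "severity": "critical",
     "component": "openssh", "evidence": "host key generated by a weak RNG"},  # duplicate
    {"host": "10.0.0.7", "plugin": "os-eol", "severity": "high",
     "component": "os", "evidence": "OS release is past vendor end-of-support"},
    {"host": "10.0.0.9", "plugin": "openssl-version", "severity": "high",
     "component": "openssl", "evidence": "version banner matches a vulnerable release"},
    {"host": "10.0.0.9", "plugin": "http-trace", "severity": "low",
     "component": "httpd", "evidence": "TRACE method enabled"},
]

# Constructed asset inventory used to verify banner-based findings. True means
# the fix is already installed (for example a backported patch that does not
# change the advertised version), so a banner match alone is a false positive.
INVENTORY_PATCHED = {("10.0.0.9", "openssl"): True}

def dedupe(findings):
    """Scanners frequently report the same issue twice; keep the first instance per (host, plugin)."""
    seen, out = set(), []
    for f in findings:
        key = (f["host"], f["plugin"])
        if key not in seen:
            seen.add(key)
            out.append(f)
    return out

def classify(finding, inventory):
    """Decide what to do with one finding. Severity alone is not enough: an
    unsupported OS cannot be patched at all, and a finding the inventory
    already contradicts should be dismissed rather than remediated."""
    if finding["plugin"] == "os-eol":
        return "escalate"            # no updates available: replace or isolate the host
    if inventory.get((finding["host"], finding["component"])):
        return "false-positive"      # verified against a second source
    if SEVERITY_RANK.get(finding["severity"], 0) >= SEVERITY_RANK["high"]:
        return "verify-then-remediate"
    return "schedule"

def triage(findings, inventory=INVENTORY_PATCHED):
    """Return deduplicated findings, highest severity first, each with an action."""
    ordered = sorted(dedupe(findings),
                     key=lambda f: -SEVERITY_RANK.get(f["severity"], 0))
    return [dict(f, action=classify(f, inventory)) for f in ordered]

def summarize(findings, inventory=INVENTORY_PATCHED):
    """Count findings per action, the numbers a remediation meeting actually needs."""
    return Counter(r["action"] for r in triage(findings, inventory))

if __name__ == "__main__":
    for row in triage(SAMPLE_FINDINGS):
        print(row["severity"], row["host"], row["plugin"], "->", row["action"])
    print(dict(summarize(SAMPLE_FINDINGS)))
```

The inventory lookup stands in for whatever second source you have (patch management data, a configuration check on the host, a manual test); the point is that no finding is remediated on the strength of the scanner's word alone.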
Static Application Security Testing
Overview of Static Code Analysis
- Developers utilize static application security testing tools to analyze source code for potential vulnerabilities such as buffer overflows or database injections.
- While effective at identifying certain issues in the code itself, static analyzers may miss vulnerabilities that depend on how the application is designed or behaves at runtime, such as whether authentication is implemented securely.
Importance of Verification
- Just as with network vulnerability scans, results from static code analyzers require scrutiny to distinguish between valid findings and false positives.
Dynamic Analysis Techniques
Fuzzing Explained
- Dynamic analysis involves techniques like fuzzing: feeding random or malformed data into a running application and observing it for unexpected behavior or crashes.
- This method helps identify areas needing better input validation and error handling within the application’s codebase.
Fuzzing Applications: Understanding the Basics
Introduction to Fuzzing
- Fuzzing involves inputting numerous iterations of random data into an application to observe its behavior and identify vulnerabilities.
- The Basic Fuzzing Framework (BFF) from CERT (Carnegie Mellon Computer Emergency Response Team) is a recommended tool for those interested in experimenting with fuzzing.
Running the BFF Tool
- A demonstration of the CERT BFF shows it executing various iterations, inserting random information into an application, and monitoring responses.
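The fuzzing described in the "Dynamic Analysis Techniques" section and demonstrated with CERT BFF above, as an added example that is not part of these notes and is not BFF itself: a small mutation-based fuzzer that takes one valid input, mutates it thousands of times, feeds each variant to a target parser and records which inputs crashed it. The target is a constructed toy record parser with an unchecked length field, shown beside a hardened version with proper input validation; both parsers, the record format and the mutation strategies are assumptions.

```python
import random

def parse_record(data: bytes) -> dict:
    """Constructed toy parser: [1 byte type][2 bytes big-endian length][payload].
    It trusts the declared length, so malformed input raises uncontrolled
    exceptions. This is the defect fuzzing is meant to surface."""
    rtype = data[0]
    length = int.from_bytes(data[1:3], "big")
    payload = data[3:3 + length]
    checksum = payload[0] ^ payload[length - 1]   # IndexError if payload is short or empty
    return {"type": rtype, "length": length, "checksum": checksum}

def parse_record_hardened(data: bytes) -> dict:
    """Same format, but every assumption about the input is checked first and
    a violation is reported as a controlled ValueError."""
    if len(data) < 3:
        raise ValueError("header too short")
    rtype = data[0]
    length = int.from_bytes(data[1:3], "big")
    if length == 0 or len(data) < 3 + length:
        raise ValueError("declared length does not match the input")
    payload = data[3:3 + length]
    return {"type": rtype, "length": length, "checksum": payload[0] ^ payload[-1]}

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """One random mutation of the seed: flip a bit, truncate, or insert junk bytes."""
    data = bytearray(seed)
    choice = rng.randrange(3)
    if choice == 0 and data:
        i = rng.randrange(len(data))
        data[i] ^= 1 << rng.randrange(8)
    elif choice == 1 and data:
        del data[rng.randrange(len(data)):]
    else:
        i = rng.randrange(len(data) + 1)
        data[i:i] = rng.randbytes(rng.randrange(1, 5))
    return bytes(data)

def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1) -> dict:
    """Run the target on mutated inputs. ValueError counts as a handled rejection;
    any other exception is a crash, keyed by exception type and the line it came
    from so the same bug is reported once, with the first input that triggered it."""
    rng = random.Random(rng_seed)      # fixed seed makes the run reproducible
    crashes, handled = {}, 0
    for _ in range(iterations):
        data = mutate(seed, rng)
        try:
            target(data)
        except ValueError:
            handled += 1
        except Exception as exc:
            tb = exc.__traceback__
            while tb.tb_next:            # walk to the frame where the exception was raised
                tb = tb.tb_next
            crashes.setdefault((type(exc).__name__, tb.tb_lineno), data)
    return {"crashes": crashes, "handled": handled}

SEED = b"\x01\x00\x03abc"   # a valid record: type 1, length 3, payload "abc"

if __name__ == "__main__":
    for name, target in [("unchecked", parse_record), ("hardened", parse_record_hardened)]:
        result = fuzz(target, SEED)
        print(f"{name}: {len(result['crashes'])} distinct crash sites, "
              f"{result['handled']} inputs rejected cleanly")
        for (exc_name, line), sample in result["crashes"].items():
            print(f"  {exc_name} at line {line}, e.g. input {sample!r}")
```

Each crash entry is a reproducer: the recorded input can be replayed against the parser to locate the missing check, which is exactly the "areas needing better input validation and error handling" the notes mention. The hardened parser should finish the same run with no crashes and a large count of cleanly rejected inputs.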
Application Installation Considerations
- Applications for Windows, macOS, or Linux are typically delivered either as a complete package or as a standalone executable that performs the setup.
- It is crucial to verify the trustworthiness of software packages before installation. Users should ensure that downloads are sourced directly from manufacturers.
Risks of Third-party Packages
- Downloading software from third parties can introduce risks; attackers might embed malware or vulnerabilities within these packages.
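One concrete way to check that a downloaded package is the one the manufacturer published, added here as an example that is not part of these notes: hash the file in chunks and compare the digest against the vendor-published SHA-256 value in constant time. The "installer" bytes, the file names and the appended third-party modification are constructed so the example runs offline; in practice the published digest is copied from the manufacturer's own site, never from the mirror that served the file.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_file(path, chunk_size=1 << 16):
    """Hash a file of any size without loading it all into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, published_hex):
    """True only if the file matches the digest the vendor published.
    compare_digest avoids leaking how many leading characters matched."""
    return hmac.compare_digest(sha256_file(path), published_hex.strip().lower())

def demo():
    """Write a genuine and a tampered copy of a constructed installer and verify both."""
    genuine = b"#!/bin/sh\necho 'installing example-app 1.0'\n" * 100
    published_hex = hashlib.sha256(genuine).hexdigest()   # stands in for the vendor's page
    tampered = genuine + b"\n# extra line added by a third-party mirror\n"
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        for label, content in (("genuine", genuine), ("tampered", tampered)):
            path = os.path.join(workdir, f"installer-{label}.sh")
            with open(path, "wb") as f:
                f.write(content)
            results[label] = verify_download(path, published_hex)
    return results

if __name__ == "__main__":
    print(demo())
```

A matching hash proves only that the bytes are unchanged since the digest was published; if the vendor also signs releases, checking that signature additionally ties the file to the vendor's key rather than to a web page that could itself have been altered.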