CEH 5-Vulnerability Analysis

What is a Vulnerability?

  • A bug, flaw or weakness in software.
  • A weakness that can expose the software to a critical attack from a hacker is called a vulnerability.

Disclaimer: The articles provided on HackWithV are purely for informational and educational purposes, and for those who are willing and curious to know and learn about Ethical Hacking, Security and Penetration Testing. Any time the word "Hacking" is used on this site, it shall be regarded as Ethical Hacking.

Vulnerability Analysis:

  • Vulnerability analysis is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications or network infrastructure. 
  • This phase allows the organization to perform security assessment with the necessary knowledge, awareness and risk background to understand the threats and react appropriately. 
  • Attackers perform vulnerability analysis to identify security loopholes in the target organization's network or communication infrastructure. 
  • Attackers take advantage of identified vulnerabilities to perform further exploitation of that target network.

How is Vulnerability Analysis Done?

  • It can be done with a vulnerability scanner (software).
  • The scanner compares details about the target attack surface against a database of known security vulnerabilities, such as those in services and ports, anomalies in packet construction, and potential paths to exploitable programs or scripts.
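
An added example (not from the original article or from any scanner's own code): the comparison step described above, matching discovered service versions against a known-vulnerability database and ordering the findings by severity. All product names, advisory ids, hosts and scores are constructed placeholders.

```python
# Added example: constructed inventory and advisory data, hypothetical names throughout.
from dataclasses import dataclass

def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

@dataclass(frozen=True)
class Advisory:
    ident: str          # placeholder id, not a real CVE
    product: str
    introduced: str     # first affected version (inclusive)
    fixed: str          # first fixed version (exclusive)
    severity: float     # 0.0-10.0 score used for prioritizing

# Constructed "database of known vulnerabilities".
ADVISORIES = [
    Advisory("EXAMPLE-0001", "example-httpd", "2.0.0", "2.4.10", 9.8),
    Advisory("EXAMPLE-0002", "example-httpd", "2.4.0", "2.4.3", 5.3),
    Advisory("EXAMPLE-0003", "example-ftpd", "1.0.0", "1.2.0", 7.5),
]

# Constructed attack-surface details: what was found listening on which host and port.
INVENTORY = [
    {"host": "10.0.0.5", "port": 80, "product": "example-httpd", "version": "2.4.9"},
    {"host": "10.0.0.5", "port": 21, "product": "example-ftpd", "version": "1.2.0"},
    {"host": "10.0.0.7", "port": 8080, "product": "example-httpd", "version": "2.4.2"},
    {"host": "10.0.0.9", "port": 22, "product": "example-sshd", "version": "banner hidden"},
]

def analyze(inventory, advisories):
    """Return (findings sorted by severity descending, services that could not be assessed)."""
    findings, unassessed = [], []
    for svc in inventory:
        try:
            found = parse_version(svc["version"])
        except ValueError:
            unassessed.append(svc)   # unknown version: report it, do not assume it is safe
            continue
        for adv in advisories:
            if adv.product != svc["product"]:
                continue
            if parse_version(adv.introduced) <= found < parse_version(adv.fixed):
                findings.append((adv.severity, svc["host"], svc["port"], adv.ident))
    findings.sort(key=lambda f: (-f[0], f[1], f[2]))
    return findings, unassessed

if __name__ == "__main__":
    for finding in analyze(INVENTORY, ADVISORIES)[0]:
        print(finding)
```

Version 2.4.9 is matched as older than the fix in 2.4.10 only because versions are compared as number tuples; a plain string comparison would miss that finding.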

Objectives of Vulnerability Analysis:

  • Identify vulnerabilities ranging from critical design flaws to simple misconfigurations.
  • Document the vulnerabilities so that developers and network administrators can easily identify and reproduce the findings.
  • Create guidance to assist network administrators and developers with remediating the identified vulnerabilities.

Common Types of Vulnerabilities:

  • SQL injection
  • Missing data encryption
  • Buffer-overflow
  • Missing authentication for critical functions
  • Missing authorization
  • Unrestricted upload of dangerous file types
  • Cross-site request forgery
  • Download of code without integrity checks
  • Weak passwords
  • Path/Directory traversal

List of network vulnerability scanners

  • Nessus
  • Nexpose - Paid and free solution available from Offensive security 
  • OpenVAS
  • GFI LanGuard - Scans both Hardware & Software Vulnerabilities.
  • QualysGuard - Works on both LAN & WAN
  • SAINT
  • Core Impact - Scanner and exploit framework

Vulnerability Research

  • It is the process by which security flaws in technology are identified.
  • Vulnerability research does not always involve reverse engineering, code analysis, etc. 
  • Performing vulnerability research against technology pre-release enables technology vendors to provide their customers with higher quality products and higher levels of trust and security.

List of vulnerability research websites

Types of Vulnerability Assessment Reports

Technical Report:

  • Includes detailed description related to vulnerabilities found on the target computer.

Non-Technical Report:

  • Brief report on vulnerabilities found on the target computer.
  • This report includes graphs and charts that make the risk easy to understand.
 

Be Aware, Be Secure.

Thank You 🙏
