Vulnerability Identification Techniques
R. Eric Kiser

Vulnerability detection can often be automated through the use of tools such as vulnerability scanners. While these tools can be useful, it is important for organizations not to rely solely on automated techniques and to also incorporate more comprehensive methods in their vulnerability detection efforts. Failing to do so could result in the organization missing vulnerabilities that could potentially lead to data breaches. There are a number of methods that can be employed to identify vulnerabilities in target systems.
Penetration Tests
A penetration test, also known as a pen test, is a simulated cyber attack on a computer system, network, or web application to test its defenses and identify vulnerabilities that an attacker could exploit. This is much more than a scan: the pen tester tries to find a way to gain a foothold on your internal network or reach sensitive data, acting as a real attacker would. This type of vulnerability detection technique can help discover code issues, misconfigurations, and weaknesses in procedures, processes, or architecture.
Social Engineering Tests
A social engineering assessment is a security testing method that aims to identify vulnerabilities in the human element of an organization. During the assessment, the tester will use a carefully crafted pretext, or cover story, to try to trick users into divulging sensitive information or providing access to systems. More often than not this will provide leaders with a clear understanding of the need for better processes and procedures.
Network Mapping
Organizations should create a map of their network infrastructure in order to identify vulnerabilities and weaknesses in the design. This is especially important for organizations with multiple sites and legacy systems, as these can often be sources of vulnerabilities that are overlooked. Network mapping can help organizations discover forgotten devices on the network or identify structural design flaws that may have been introduced by past administrators who did not properly secure the system. By creating a thorough and accurate map of the network, organizations can more easily identify and address vulnerabilities, improving their overall security posture.
Audits
Conducting audits can be an effective way of identifying vulnerabilities that may not be easily detected through other methods. This is especially true in large organizations where there may be multiple moving parts and a risk of confusion or corners being cut. One common area where vulnerabilities can arise is the on-boarding and off-boarding process, where there may be a tendency to prioritize granting new users access over properly removing access for users who have left the organization. This can result in accounts configured with weaker security settings, or in users retaining access to systems long after they have left the organization. Single sign-on (SSO) systems can help minimize this risk, but it is important for organizations to regularly review and audit their user access to ensure that all vulnerabilities are identified and addressed. I have discovered systems where users who left the organization 20 years ago still had access. Audits can help organizations identify and address these types of vulnerabilities, ensuring that only authorized users have access to organizational resources.
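The off-boarding check described above, as an added example that is not part of the original article: the script reconciles a directory export against an HR roster and flags leavers whose accounts are still enabled (rated critical when the account sits in a privileged group), logons recorded after a termination date, accounts with no HR record at all, and dormant accounts belonging to current staff. Every account, group name and date is constructed for illustration; the row layout and the 90-day dormancy threshold are assumptions.

```python
# Added example (not from the article): reconcile a directory export
# against an HR roster to flag access that survived off-boarding.
# Every account, date and group below is constructed for illustration.
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Account:
    username: str
    enabled: bool
    last_logon: Optional[date]      # None = never logged on
    groups: FrozenSet[str]


@dataclass(frozen=True)
class Finding:
    username: str
    reason: str
    severity: str


SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}
PRIVILEGED_GROUPS = {"Domain Admins", "Backup Operators"}

# Constructed HR roster: username -> termination date (None = still employed)
HR_ROSTER: Dict[str, Optional[date]] = {
    "alice": None,
    "bob": date(2004, 3, 15),        # left long ago, still has an account
    "carol": date(2023, 11, 30),
    "dave": None,
}

# Constructed directory export (what an LDAP/AD dump would give you)
DIRECTORY: List[Account] = [
    Account("alice", True, date(2024, 5, 1), frozenset({"staff"})),
    Account("bob", True, date(2024, 4, 20), frozenset({"staff", "Domain Admins"})),
    Account("carol", False, date(2023, 11, 29), frozenset({"staff"})),
    Account("svc_backup", True, date(2024, 5, 2), frozenset({"Backup Operators"})),
    Account("dave", True, None, frozenset({"staff"})),
]


def audit_access(directory, roster, today, dormant_days=90):
    """Return findings sorted by severity: leavers still enabled (critical if
    privileged), logons after termination, orphans with no HR record, and
    dormant accounts of current staff."""
    findings = []
    for acct in directory:
        if acct.username not in roster:
            findings.append(Finding(acct.username,
                                    "no HR record: orphan or unowned service account, confirm owner",
                                    "medium"))
            continue
        left = roster[acct.username]
        if left is not None:
            if acct.enabled:
                sev = "critical" if acct.groups & PRIVILEGED_GROUPS else "high"
                findings.append(Finding(acct.username,
                                        f"left on {left.isoformat()} but account still enabled", sev))
            elif acct.last_logon is not None and acct.last_logon > left:
                findings.append(Finding(acct.username,
                                        "disabled now, but a logon was recorded after termination", "high"))
        elif acct.enabled and (acct.last_logon is None
                               or today - acct.last_logon > timedelta(days=dormant_days)):
            findings.append(Finding(acct.username,
                                    f"current staff but no logon in {dormant_days} days", "low"))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


EXAMPLE_TODAY = date(2024, 6, 1)   # constructed "now" so the run is reproducible


def run_example():
    return audit_access(DIRECTORY, HR_ROSTER, EXAMPLE_TODAY)


if __name__ == "__main__":
    for f in run_example():
        print(f"[{f.severity:8}] {f.username}: {f.reason}")
```

The HR roster is treated as the source of truth: an account the roster does not know about is reported rather than ignored, because unowned service accounts are exactly the ones that never get off-boarded.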
Configuration Reviews
Configuration reviews are an important aspect of maintaining a secure network and ensuring compliance with policies and standards. During a configuration review, organizations can verify that their systems are configured according to their baseline configuration policy and identify any deviations from this policy. This can be particularly useful for identifying and addressing vulnerabilities such as users who have been granted local administrator rights without a business case or an entry on the exclusions list. There are many tools available that can automate the process of configuration review and assist with identifying deviations from policy. One such tool is CIS-CAT Pro, which is designed to scan systems and report on their compliance with the CIS configuration standards. I highly recommend a tool for this job as it is nearly impossible to complete manually.
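One way to implement the baseline-versus-observed comparison described above, as an added example that is neither the article's code nor anything from CIS-CAT Pro: each host's reported settings and local Administrators membership are checked against a baseline policy and an exclusions list, and every deviation is reported, including a control the host failed to report at all and an extra local admin whose exclusion has expired. The hosts, settings, principals, ticket numbers and dates are all constructed for illustration.

```python
# Added example (not the article's code, and not CIS-CAT Pro): check each
# host's observed settings and local Administrators membership against a
# baseline policy and an exclusions list, reporting every deviation.
# Hosts, settings, principals and ticket numbers are constructed.
from dataclasses import dataclass
from datetime import date
from typing import List


@dataclass(frozen=True)
class Deviation:
    host: str
    control: str
    expected: str
    observed: str


# Constructed baseline: control -> (comparison, required value)
BASELINE = {
    "smb1_enabled": ("==", False),
    "min_password_length": (">=", 14),
    "rdp_nla_required": ("==", True),
}
# Principals the baseline permits in the local Administrators group (constructed)
BASELINE_LOCAL_ADMINS = {"Administrator", "CORP\\Workstation Admins"}

# Exclusions list: (host, principal) -> (business-case ticket, expiry). Constructed.
EXCLUSIONS = {
    ("ws-042", "CORP\\jsmith"): ("CHG-1234", date(2024, 9, 30)),
    ("ws-043", "CORP\\tmp_user"): ("CHG-0999", date(2023, 1, 31)),   # already expired
}

# Constructed per-host observations, as a collection script would report them
OBSERVED = {
    "ws-041": {"settings": {"smb1_enabled": False, "min_password_length": 14, "rdp_nla_required": True},
               "local_admins": {"Administrator", "CORP\\Workstation Admins"}},
    "ws-042": {"settings": {"smb1_enabled": True, "min_password_length": 8, "rdp_nla_required": True},
               "local_admins": {"Administrator", "CORP\\Workstation Admins", "CORP\\jsmith"}},
    "ws-043": {"settings": {"smb1_enabled": False, "min_password_length": 14},
               "local_admins": {"Administrator", "CORP\\Workstation Admins", "CORP\\tmp_user"}},
}


def _meets(op, observed, required):
    return observed == required if op == "==" else observed >= required


def review_host(host, data, today, baseline=BASELINE,
                admins=BASELINE_LOCAL_ADMINS, exclusions=EXCLUSIONS) -> List[Deviation]:
    devs = []
    # 1. Settings: a control the host did not report is itself a deviation,
    #    because "unknown" must never be read as "compliant".
    for control, (op, required) in baseline.items():
        if control not in data["settings"]:
            devs.append(Deviation(host, control, f"{op} {required}", "<not reported>"))
        elif not _meets(op, data["settings"][control], required):
            devs.append(Deviation(host, control, f"{op} {required}", str(data["settings"][control])))
    # 2. Local admins: extra members need a current, recorded business case.
    for principal in sorted(data["local_admins"] - admins):
        excl = exclusions.get((host, principal))
        if excl is None:
            devs.append(Deviation(host, "local_administrators", "baseline members only",
                                  f"extra member {principal} with no business case"))
        elif excl[1] < today:
            devs.append(Deviation(host, "local_administrators", "baseline members only",
                                  f"extra member {principal}: exclusion {excl[0]} expired {excl[1].isoformat()}"))
        # else: approved and still within its expiry, not a deviation
    return devs


def review_all(today, observed=OBSERVED):
    return {host: review_host(host, data, today) for host, data in observed.items()}


EXAMPLE_TODAY = date(2024, 6, 1)   # constructed "now"


def run_example():
    return review_all(EXAMPLE_TODAY)


if __name__ == "__main__":
    for host, devs in run_example().items():
        print(f"{host}: {len(devs)} deviation(s)")
        for d in devs:
            print(f"  {d.control}: expected {d.expected}, observed {d.observed}")
```

Giving every exclusion a ticket and an expiry date is what keeps the exclusions list from quietly becoming a second, unreviewed policy: an approved deviation that is never re-justified turns back into a finding on its own.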
Code Review
Automated code review tools are available, but do not assume they will catch everything. Be sure to include manual code review in your DevOps pipeline.
Vulnerability Scanners
Vulnerability scanners are a valuable tool for identifying vulnerabilities in systems and networks. These scanners can be used to discover missing patches and other flaws in the network, and are particularly effective at identifying outdated software, hardware, and protocols. While vulnerability scanners can be a useful component of a vulnerability management strategy, it is important for organizations not to rely solely on this method and to also incorporate other techniques in order to ensure that all potential vulnerabilities are identified and addressed.