Tuesday, December 7, 2010

Vulnerabilities Assessment Philippines

The complexity of modern enterprises, their reliance on technology, and the heightened interconnectivity among organizations are rapidly evolving developments that create widespread opportunities for theft, fraud, and other forms of exploitation by offenders both outside and inside an organization. Internal and external perpetrators can exploit traditional and new vulnerabilities in seconds.

When we talk about vulnerability assessment, there are two areas and different layers that need to be understood so that the scope of the “VA” can be defined. There are vulnerabilities in the software of the applications being used that can be exploited by someone who knows about them.

The first layer would be the web applications. The most common threats to these are:

• Cross-Site Scripting (XSS) - A web application accepts user input (such as client-side scripts and hyperlinks to an attacker’s site) and displays it within its generated web pages without proper validation.

• SQL Injection - Unvalidated input is used in an argument to a function that calls an SQL query.

* Many web applications on the internet still use "SQL Injection" for their normal functionality. It should be noted that this is only a difference in intent. The web applications that legitimately use SQL Injection are guaranteed to be vulnerable to the tools and techniques used by attackers to perform malicious SQL Injections. The servers that house these applications may have a higher compromise rate not only because they are known to be vulnerable, but also because they cannot distinguish between legitimate and malicious injections and so cannot identify attacks.

• File Inclusion - Unvalidated input is used in an argument to file or stream functions.

Then there is the OS (operating system) itself, which has vulnerabilities that are always being discovered. Vendors such as Microsoft post these on their websites and provide patches and updates.
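To illustrate the SQL Injection item in the list above, here is an added example (not code from the original post): a lookup that builds its query by string concatenation beside one that binds the input as a parameter, with a small assessment check that tells the two apart. The `accounts` table, its rows, the probe value and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", 100), ("bob", 250), ("carol", 75), ("o'brien", 40)],
    )
    return db

def lookup_concatenated(db, owner):
    """Vulnerable: the unvalidated input becomes part of the SQL text."""
    query = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, owner):
    """Hardened: the input is bound as data and is never parsed as SQL."""
    return db.execute(
        "SELECT owner, balance FROM accounts WHERE owner = ?", (owner,)
    ).fetchall()

# Constructed probe value: no account has this owner, so a correct lookup
# must return nothing for it.
PROBE = "nobody' OR '1'='1"

def is_injectable(lookup, db):
    """Assessment check: rows returned for PROBE, or a SQL error caused by
    its quote, both show that the input reached the SQL parser."""
    try:
        return len(lookup(db, PROBE)) > 0
    except sqlite3.Error:
        return True

def handles_apostrophe(lookup, db):
    """Edge case: a legitimate name containing a quote must still be found."""
    try:
        return lookup(db, "o'brien") == [("o'brien", 40)]
    except sqlite3.Error:
        return False

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concatenated, lookup_parameterized):
        print(fn.__name__,
              "injectable:", is_injectable(fn, db),
              "handles apostrophe:", handles_apostrophe(fn, db))
```

The concatenated lookup fails both checks: the probe returns every row, and the legitimate name `o'brien` raises a syntax error, so the flaw is a correctness bug as well as a security one.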

There are also client-side applications such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office. Waves of targeted email attacks, often called spear phishing, are exploiting client-side vulnerabilities in these commonly used programs. This is currently the primary initial infection vector used to compromise computers that have internet access.

The vulnerabilities mentioned above form the first group: they are related to the source code of applications and can be discovered by automated tools and manual techniques. They can be fixed by patches and software updates.

The second group of vulnerabilities is related to security policies and procedures. Bitshield Security Consulting can review these and help you develop your Security Policies and Procedures. This would be an added dimension to the scope of a VA/PT.
