2 - Performing Vulnerability Assessments - Coggle Diagram
Vulnerabilities
Description
Common Vulnerabilities and Exposures (CVE)
Naming system for publicly known vulnerabilities (one CVE ID per vulnerability)
Common Vulnerability Scoring System (CVSS)
Scoring system for vulnerability severity, 0.0 to 10.0, built from base, temporal and environmental metric groups
Common Configuration Enumeration (CCE)
Naming system for system configuration issues
Common Platform Enumeration (CPE)
Naming system for OS, applications, and devices
Extensible Configuration Checklist Description Format (XCCDF)
Language for specifying security checklists
Open Vulnerability and Assessment Language (OVAL)
Language for describing machine-readable checks of system state (patch level, configuration, installed software) used in security testing
Vulnerability scans
Network Discovery Scans
TCP SYN scan == half-open scan
Sends SYN only and never completes the handshake; SYN/ACK means open, RST means closed, no reply means filtered
TCP Connect scan
Completes the full three-way handshake; used when the scanner cannot run a half-open scan (e.g. no raw-socket privileges); noisier and more likely to be logged by the target
TCP ACK scan
Sends ACK only; used to determine the rules enforced by a firewall (RST means unfiltered, no reply means filtered), not whether a port is open
UDP scan
Sends UDP datagrams; ICMP port unreachable means closed, no reply means open or filtered, so UDP scans are slow and less reliable
Xmas scan
Sends a packet with the FIN, PSH and URG flags set; RST means closed, no reply means open or filtered
Banner grabbing == identify the variant and version of a service running on a system
Requires explicit, and hopefully written, permission from the network owner before any scanning
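The connect scan and banner grabbing above are easy to show in working code because they need no raw sockets. The block below is an added example, not part of the original Coggle map: a background thread plays a fake service that sends a constructed banner, and connect_scan() performs the full-handshake scan (what nmap -sT does) against 127.0.0.1 and records the first bytes each open service volunteers. The helper names, the sample banner and the use of loopback are this example's own assumptions; it scans only the local host so it runs offline and within the permission rule stated above.

```python
"""TCP connect scan with banner grabbing against a local test service.

Added example, not code from the Coggle map. Standard library only: a
daemon thread runs a throw-away listener that sends a banner, and
connect_scan() completes the TCP three-way handshake for each port and
reads whatever the service sends first. Only scan hosts you are authorised
to test; the sample targets 127.0.0.1.
"""
import socket
import threading

FAKE_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"  # constructed sample banner, not a real host


def start_banner_server(banner: bytes, host: str = "127.0.0.1") -> int:
    """Start a TCP listener that sends `banner` to every client.
    Returns the OS-assigned port; the listener runs as a daemon thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return port


def free_closed_port(host: str = "127.0.0.1") -> int:
    """Pick a port with no listener so the scan shows a 'closed' result."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


def grab_banner(sock: socket.socket, max_bytes: int = 256) -> str:
    """Read the first bytes a service sends after connect (the banner)."""
    try:
        data = sock.recv(max_bytes)
    except (socket.timeout, OSError):
        return ""
    return data.decode("utf-8", errors="replace").strip()


def connect_scan(host: str, ports, timeout: float = 1.0) -> dict:
    """Full three-way-handshake scan of `ports` on `host`.
    Returns {port: {"state": ..., "banner": ...}} where state is open
    (connect succeeded), closed (RST / connection refused) or filtered
    (no answer before the timeout)."""
    results = {}
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
        except socket.timeout:            # silently dropped: firewall in the way
            results[port] = {"state": "filtered", "banner": ""}
        except ConnectionRefusedError:    # RST came back: nothing listening
            results[port] = {"state": "closed", "banner": ""}
        except OSError:
            results[port] = {"state": "error", "banner": ""}
        else:                             # handshake completed: port is open
            results[port] = {"state": "open", "banner": grab_banner(sock)}
        finally:
            sock.close()
    return results


if __name__ == "__main__":
    open_port = start_banner_server(FAKE_BANNER)
    closed_port = free_closed_port()
    for port, info in connect_scan("127.0.0.1", [open_port, closed_port]).items():
        print(f"{port:5d}/tcp {info['state']:8} {info['banner']}")
```

Because the handshake completes, the target's service sees a real connection and can log it, which is the trade-off the map notes for connect scans versus half-open SYN scans. A service that waits for the client to speak first (HTTP, for example) returns an empty banner here; a real banner grabber would send a protocol-appropriate probe before reading.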
Network vulnerability scans
Run unauthenticated by default; credentialed scans see more (installed packages, missing patches, local configuration)
Unauthenticated scans may produce false negatives (missed vulnerabilities) as well as false positives, so findings should be validated before reporting
Web application vulnerability scans
Database vulnerability scans
e.g. sqlmap
Vulnerability Management workflows
Detect (scan, identify and prioritise findings, e.g. by CVSS score and asset criticality)
Validate (confirm each finding is real and not a false positive, and assess actual exposure)
Remediate (patch, reconfigure or mitigate, then rescan to verify the fix; the cycle then repeats)
Penetration Testing
NIST SP 800-115: Technical Guide to Information Security Testing and Assessment
Defines the penetration testing process
4 phases
Planning
Scope
Rules of engagement
Discovery
Information gathering and scanning
Vulnerability analysis
Attack
Use manual and automated exploit tools
Reporting
Summarize results
Provide recommendations
3 types
Blackbox pentest == unknown environment
Greybox pentest == partially known environment
Whitebox pentest == known environment
Breach and Attack Simulation (BAS) == automated, continuous attack emulation; commonly used to support purple teaming (red and blue teams working together to test and tune detection)