Section 1.7: Vulnerability Testing
Vulnerability Scanning/Assessment Types
-Passively test security controls
-Identify vulnerabilities, system flaws, or unpatched code
-Identify a lack of security controls
-Identify common misconfigurations by reviewing system settings, policies, or rule sets
The goal is to identify:
-System, network, or application weaknesses
-Unpatched or out-of-date systems or applications
-Common misconfigurations
-A lack of security controls
Vulnerability
A flaw in a system that can leave it open to attack. A vulnerability may also refer to any type of weakness in a computer system itself, in a set of procedures, or in anything that leaves information security exposed to a threat.
Intrusive
Actively engaging with the target system to identify weaknesses that could be used to launch an attack.
Vulnerability Scanning
An inspection of the potential points of exploit on a computer or network to identify security holes. A vulnerability scan detects and classifies system weaknesses in computers, networks, and communications equipment, and predicts the effectiveness of countermeasures.
False Positive
Occurs when the scan mistakenly reports a vulnerability that does not actually exist.
Credentialed vs. non-credentialed
Whether or not authentication credentials (user IDs and passwords) are used in scanning. A credentialed scan carries less risk and may provide more information, but it is less realistic, since an outside attacker would not normally hold valid credentials.
Non-intrusive
Gaining vulnerability information about targeted computers and networks without actively engaging with the systems (Example: Qualys SSL Labs).