Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

Similar documents
FINAL DoIT v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

Web App Security Audit Services

The Weakest Link: Mitigating Web Application Vulnerabilities. webscurity White Paper. webscurity Inc. Minneapolis, Minnesota USA

Manipulating Microsoft SQL Server Using SQL Injection

National Endowment for the Arts Evaluation Report. Table of Contents. Results of Evaluation Areas for Improvement Exit Conference...

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

Creating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

Recommended Practice Case Study: Cross-Site Scripting. February 2007

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

Web Application Security

Last update: February 23, 2004

IBM Protocol Analysis Module

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

Penetration Test Report

1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications

5 Simple Steps to Secure Database Development

AN OVERVIEW OF VULNERABILITY SCANNERS

GFI White Paper PCI-DSS compliance and GFI Software products

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

Network Threats and Vulnerabilities. Ed Crowley

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS)

MWR InfoSecurity Security Advisory. BT Home Hub SSID Script Injection Vulnerability. 10 th May Contents

Passing PCI Compliance How to Address the Application Security Mandates

Running a Default Vulnerability Scan

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

CDM Vulnerability Management (VUL) Capability

Software Vulnerability Assessment

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

Sitefinity Security and Best Practices

Penetration Testing Service. By Comsec Information Security Consulting

ETHICAL HACKING APPLICATIO WIRELESS110 00NETWORK APPLICATION MOBILE MOBILE0001

Running a Default Vulnerability Scan SAINTcorporation.com

Symantec Endpoint Protection Analyzer Report

Tespok Kenya icsirt: Enterprise Cyber Threat Attack Targets Report

External Vulnerability Assessment. -Technical Summary- ABC ORGANIZATION

OWASP and OWASP Top 10 (2007 Update) OWASP. The OWASP Foundation. Dave Wichers. The OWASP Foundation. OWASP Conferences Chair

Windows Operating Systems. Basic Security

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

WHITEPAPER. Nessus Exploit Integration

Pentests more than just using the proper tools

Pentests more than just using the proper tools

DFW INTERNATIONAL AIRPORT STANDARD OPERATING PROCEDURE (SOP)

Common Security Vulnerabilities in Online Payment Systems

The Top Web Application Attacks: Are you vulnerable?

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

Hardening Joomla 1. HARDENING PHP. 1.1 Installing Suhosin. 1.2 Disable Remote Includes. 1.3 Disable Unneeded Functions & Classes

Application Security Testing. Generic Test Strategy

McAfee Vulnerability Manager 7.0.2

Advanced Web Security, Lab

Columbia University Web Security Standards and Practices. Objective and Scope

FREQUENTLY ASKED QUESTIONS

Using Foundstone CookieDigger to Analyze Web Session Management

How To Classify A Dnet Attack

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

Foundstone ERS remediation System

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

Streamlining Web and Security

Application security testing: Protecting your application and data

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

CSE331: Introduction to Networks and Security. Lecture 17 Fall 2006

WHITE PAPER FORTIWEB WEB APPLICATION FIREWALL. Ensuring Compliance for PCI DSS 6.5 and 6.6

Cross-Site Scripting

How to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering

Secure Web Application Coding Team Introductory Meeting December 1, :00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda

Shellshock. Oz Elisyan & Maxim Zavodchik

Introduction to Web Application Security. Microsoft CSO Roundtable Houston, TX. September 13 th, 2006

INFORMATION SECURITY REVIEW

Nessus scanning on Windows Domain

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security

Penetration Testing in Romania

Web Application Vulnerabilities and Avoiding Application Exposure

Detecting SQL Injection Vulnerabilities in Web Services

SECURITY TRENDS & VULNERABILITIES REVIEW 2015

IBM Managed Security Services Vulnerability Scanning:

Network and Host-based Vulnerability Assessment

CMSC 421, Operating Systems. Fall Security. URL: Dr. Kalpakis

Vulnerability Assessment and Penetration Testing

HTTPParameter Pollution. ChrysostomosDaniel

WEB SECURITY. Oriana Kondakciu Software Engineering 4C03 Project

What is Web Security? Motivation

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

Adobe ColdFusion. Secure Profile Web Application Penetration Test. July 31, Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661

SecurityMetrics Vision whitepaper

Penetration Testing Report Client: Business Solutions June 15 th 2015

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why Sorting Solutions? Why ProtectPoint?

TIME TO LIVE ON THE NETWORK

EVALUATING COMMERCIAL WEB APPLICATION SECURITY. By Aaron Parke

2012 North Dakota Information Technology Security Audit Vulnerability Assessment and Penetration Testing Summary Report

Commissioners Irving A. Williamson, Chairman Daniel R. Pearson Shara L. Aranoff Dean A. Pinkert David S. Johanson Meredith M.

Technical Testing. Application, Network and Red Team Testing DATA SHEET. Test your security defenses. Expert Testing, Analysis and Assessments

Web Application Security How to Minimize Prevalent Risk of Attacks

MWR InfoSecurity Security Advisory. pfsense DHCP Script Injection Vulnerability. 25 th July Contents

Security Testing and Vulnerability Management Process. e-governance

Web Vulnerability Assessment Report

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

WEB APPLICATION VULNERABILITY STATISTICS (2013)

Transcription:

SAINT Integrated Network Vulnerability Scanning and Penetration Testing www.saintcorporation.com

Introduction While network vulnerability scanning is an important tool in proactive network security, penetration testing is the next step. This paper describes the various types of vulnerabilities that can threaten computer networks; explains network vulnerability scanning and penetration testing; and shows the benefits of the integrated SAINT solution. What are Vulnerabilities? A vulnerability is anything running on a computer that could directly or indirectly lead to the compromise or breach of confidentiality, integrity, or availability of information or services anywhere on the network: Confidentiality breach unauthorized read access Integrity breach unauthorized creation, modification, or deletion of files Availability breach denial of service Types of Vulnerabilities General types of vulnerabilities include the following: Passwords that are missing or easily guessed. Insecure file sharing resulting from NFS and SMB protocols which have been set up incorrectly. Excessive trust which results from.rhost or hosts.equiv files that have been configured incorrectly. Buffer overflows are a more sophisticated vulnerability, usually caused by fixed-length strings in program code. A usersupplied parameter is copied into the fixed-length string. However, a specially crafted string could overflow the buffer and overwrite stack pointers causing a redirect of the program flow to arbitrary code being placed on the stack, or a denial-of-service. Missing format strings are another sophisticated type of vulnerability. Some function calls require format strings (for example, two strings separated by a space: %s %s ). If the format string is missing, the user can sometimes provide his or her own. Format specifiers such as %n can be used to overwrite key memory pointers. Web application vulnerabilities can also cause breaches in network security: Lack of parameter checks can result in a network breach if special characters are input into CGI programs such as the following:../ could allow escape from the Web root or ; could allow shell commands For example: http://host/cgi-bin/program?file=../../../../etc/ passwd Cross-site scripting caused by Web servers or applica- 2 3

tions which echo <SCRIPT> tags or JavaScript references could be used by a malicious Web site to trick users into executing arbitrary scripts in the security context of the vulnerable site. (For example: http://host/ search?query=<script>alert()</script>) PHP Remote File Include PHP programs include or require code from other files. Some programs can be tricked into including code from a remote Web site. An attacker could host malicious code on his or her own Web site and cause it to be executed by the victim. SQL Injection is caused by database applications which place user input directly into SQL queries. SELECT a FROM table WHERE id= $id could allow unauthorized database access. (For example: http://host/search?id=1 +UNION+SELECT+p assword+from+table+where+id=id) Malicious content vulnerabilities are client-side vulnerabilities allowing command execution. Web browsers, media players, virus scanners, or instant messaging clients can all be used to to trick a user into opening a malicious Web page or file. For instance, Click here to get rich now! Since the action is initiated by the user, the exploit is not blocked by the firewall. Network Vulnerability Scanning Proactive network security means finding the holes in your network before the attackers do. Vulnerability scanning helps to protect against both external threats like attackers and worms, and internal threats such as malicious users within the network. A network scanner detects vulnerabilities which are or might be present. The results of the scan will depend on the placement of the scanning machine. A vulnerability can only be detected if the scanning host has access to the vulnerable service. Since scanning through a router or firewall could hide internal vulnerabilities, it is best to place the scanner inside the firewall so it can scan for both internal and external vulnerabilities as shown in the placement of the blue scanner in the diagram below. The red scanner in the diagram can only scan for external vulnerabilities because it is placed outside of the firewall. Vulnerability Scan Results Vulnerability scan results serve multiple purposes. They provide an overview of the security of the network as well as a description of all vulnerabilities and potential problems, and how to fix them. Scan results also provide other useful information such as network services offered, operating system types, and host and NetBIOS names. 4 5

6 7

Vulnerability Scanning Cycle Networks should be scanned periodically to Check that old vulnerabilities have been fixed. Check for new vulnerabilities created as a result of new hosts, upgrades of existing hosts, or new services on existing hosts. Check for newly announced vulnerabilities that were previously unknown; use the latest version of the scanner software. The number of vulnerabilities reported each year has grown tremendously in the recent past as shown in the graph below. There are four times as many vulnerabilities reported today as there were five years ago and 88 times as many vulnerabilities reported today as ten years ago. Reference: nvd.nist. 8 9

While the number of reported vulnerabilities has increased, fewer and fewer of the reported vulnerabilities are high severity, as shown in the following graph. Challenges The existence of thousands of known vulnerabilities has resulted in longer vulnerability scan reports and made it difficult for administrators to assess the true impact and determine what an attacker could really gain. It is difficult for administrators to prioritize this multitude of vulnerabilities and know where to begin remediation efforts. The Next Step Penetration Testing Penetration testing is the next step in proactive network security. It can help overcome the challenges mentioned above by assessing the real impact of vulnerabilities on a network and by prioritizing remediation. Vulnerability assessment and penetration testing go hand-in-hand. Vulnerability assessment results can be used as a starting point for a penetration test. (High = CVSS Base Score 7.0-10.0) Reference: nvd.nist.gov What is Penetration Testing? Penetration testing is the act of assessing the security of your network by attempting to penetrate it by simulating the actions of an attacker. Penetration testing is authorized and scheduled, and will probably be detected by an IDS. Penetration testing is done with either manual or automated tools, 10 11

such as SAINTexploit. The penetration test can gather evidence of a vulnerability including reading and writing files, executing commands, or taking screen shots. Benefits of Penetration Testing A successful penetration test provides indisputable evidence of the problem as well as a starting point for prioritizing remediation. Penetration testing focuses on high-severity vulnerabilities and there are no false positives. Drawbacks of Penetration Testing Penetration testing focuses on vulnerabilities that allow command execution. Most command-execution vulnerabilities are buffer overflows, which inherently run the risk of crashing computers or services. However, automated penetration tests schedule the exploits from least to most dangerous. Another drawback is false negatives because buffer overflow exploits require precision within varying memory states. In addition, penetration testing only detects vulnerabilities which lead to penetration; this excludes cross-site scripting, denial of service, information gathering, etc. Exploits An exploit is a program designed to demonstrate the presence of a specific vulnerability usually by executing commands on the target. Penetration testing works by running a series of exploits that are chosen based on the target s operating system and running services. There are three types of exploits: Remote an initial break-in; exploitable by a remote user through a network service Local privilege elevation; exploitable by an attacker who is already on the system Client exploitable when a user is tricked into loading an attacker-supplied file Advantages of Integrated Vulnerability Scanning and Penetration Testing Because vulnerability scanning and penetration testing go hand-in-hand, an integrated solution with a single graphical user interface makes it easy to take network security to a higher level. With an integrated solution, such as SAINT, the results from the vulnerability scan link directly to the exploit. 12 13

The SAINT solution SAINT Corporation is the first developer of integrated vulnerability scanning and automated penetration testing software. The SAINTexploit penetration test tool examines potentially vulnerable services discovered by the SAINT network vulnerability scanner, and exploits the vulnerability to prove its existence without a doubt. The file browsing, command execution, and screen capture capabilities resulting from a successful exploit provide undeniable evidence of a network vulnerability. SAINT s integrated interface is easy to use with tabs for both vulnerability scanning and penetration testing. Vulnerability scanning and penetration testing provide a snapshot of the network s security at a specific point in time. As depicted in the SAINT VulnerabilityLife Cycle Solution diagram, network security requires a continuous process of scanning and testing because as soon as the tests are complete, any application or system change can result in new vulnerabilities. Summary SAINT updates are automatic and frequent. SAINT s reports range from executive summary to technical detail including a trend analysis option that allows you to quantitatively analyze your remediation program. Each report has configurable options with colorful graphs and tables to help you quickly identify problem areas. Vulnerability scanning is only the first step in proactive network security. Penetration testing is the next step because it focuses on the high-severity vulnerabilities and provides a starting point for prioritizing remediation. 14 15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information