Tools For Vulnerability Scanning and Penetration Testing


Tools For Vulnerability Scanning and Penetration Testing
becky.santos@provandv.com, jack.cobb@provandv.com
2017 National Conference: State Certification Testing of Voting Systems, Austin, Texas

Knowledge To Transfer
- Security Terminology
- Vulnerabilities: Lifecycle
- Vulnerability Research and Discovery, Reverse Engineering
- Software Solution Stack
- Vulnerabilities in The Software Solution Stack
- Apply Software Stack to Voting Systems Components
- Hacking Methodology: Where Scanning Fits In
- Examples: Some Scanning Tools
- VSTL Use of Scanning Tools, Other Use
- Scanners: Pros and Cons, Key Considerations

Security Definitions
- Vulnerability: A deficiency, error, or misconfiguration within a system which can be exploited, allowing the system to be used in an unintended manner.
- Vulnerability Scanner: Automatically tests a system for KNOWN vulnerabilities to confirm their presence.
- Exploit: Software program developed to attack an asset by taking advantage of

Security Definitions

Vulnerability Assessment:
- Scan of a network's or component's security that attempts to look for potential points of entry by hackers or malware
- Automated scanning tools find common issues
- Manual tester's knowledge and expertise looks for issues missed by automated tools
- No breach, no compromise
- Report issued, problems prioritized to be addressed later

Penetration Testing:
- Use vulnerabilities discovered to breach and prove the ability to compromise
- Usually consists of more than technological targets (includes physical, administrative, procedural, people)
- More representative of what a real adversary COULD do

Reverse Engineering, Vulnerability & Exploit Research:
- Targets a technological component to understand its inner workings and find

Vulnerability Lifecycle (diagram; actors: Vendor, Researcher, Bad Actor)
- Vulnerability Research / Discovery
- Vulnerability Publication (responsibly or publicly)
- Exploit Development (ZERO DAY)
- Mitigation Solution Development
- Mitigation Detection Development
- Mitigation Deployment
- Mitigation Verification Scan

Vulnerability Discovery: Research / Discovery / Reverse Engineering
- Access to Only: Fuzzing; Brute Force / Trial and Error
- Access to Compiled Executable Binaries: Decompilers; Binary Debuggers
- Access to Source Code: Static Code Analyzers; Manual Code Inspection
All methods of looking for programming errors that may result in a vulnerability!

Software Solution Stack (diagram)
- Custom: Vendor
- Third Party Supporting: Open Source / Commercial
- Web Server: Apache / MS IIS
- Database: MSSQL / Oracle (Open Source / Commercial)
- Operating System: Windows / Linux / OSX / Android
- Hardware: Routers / Firewalls /

Vulnerability Stack (diagram; layers: Custom, Third Party Supporting, Web Server, Database, Operating System, Hardware, Network)
- Annotation alongside the top of the stack: Vulnerability Research and Discovery, Reverse Engineering
- Annotation alongside the lower layers: Majority of KNOWN Vulnerabilities; More research in these layers; Availability to those performing research; Exploits developed and available; Easier Targets; Auto Scan Tools more effective in these layers

So What?
- US-CERT: 85% of breaches are preventable; they are against known vulnerabilities

What's Next? Voting Systems
- How VSTL ProV&V currently uses these tools
- How and where can we use them in Election Systems

Election System of Systems

Election System of Systems: Usefulness of Automated Scans

Election System of Systems: System of Systems Bigger Picture
- VSTLs
- Voting Systems
- State / District
- Vendors
- cal Campaigns
A Compromise of Any Has an Impact on the Whole

Hacking Methodology: Where Vulnerability Scanning Fits In (diagram)
- Phase 1: Reconnaissance
- Phase 2: Scanning (Vulnerability Research / Discovery; Mitigation Verification Scan)
- Phase 3: Gaining Access (Use Exploit)
- Phase 4: Maintaining Access
- Phase 5: Covering Tracks
Depends on who is scanning! The outcome is either a COMPROMISED TARGET or a More Secure Target.

Network Vulnerability Scanner
- Examples of Vulnerabilities Identified: Missing Patches (known vulnerabilities); Insecure Server Configurations; Open Ports
- Examples of Tools: NMAP, Nessus, OpenVAS, Retina
(Stack diagram: Election System / Third Party Supporting / Web Server / Database / Operating System / Network)

Web Vulnerability Scanner: DAST (Dynamic Security Testing), requires a running system
- Examples of Vulnerabilities Identified: Cross Site Scripting; SQL Injection; Command Injection; Path Traversal; Insecure Server Configurations
- Examples of Tools: Zed Attack Proxy, Grabber, Vega, WebScarab
(Stack diagram as above)

Database Scanning: specifically designed for databases
- Examples of Vulnerabilities Identified: Weak password policies; Default accounts; Security of admin accounts; Misconfiguration
- Examples of Tools: Scuba, Qualys
(Stack diagram as above)

Source Code Analysis: SAST (Static Security Testing)
- Examples of Vulnerabilities Identified (CWE Top 10): SQL Injection; OS Command Injection; Buffer Overflows; Cross Site Scripting; Missing Authentication for Critical Function
- Examples of Tools: Coverity, Cppcheck, HP Fortify, Parasoft
(Stack diagram as above)

Fuzzing: feeding variations of unexpected input into a program in an attempt to uncover unexpected behavior
- Examples of Tools: Basic Fuzzing Framework (BFF), OWASP WebScarab, Peach Fuzzer
(Stack diagram as above)

Vulnerability Assessment Comparison

VSTL Use of Tools: Voting System
- Code Analysis
- Network Scanners: NMAP, Nessus, OpenVAS, SCAP Compliance Checker
(Stack diagram: Voting System / Third Party Supporting / Web Server / Database / Operating System / Network)

VSTL Use of Tools: UOCAVA Ballot Delivery/Return
- Static Code Analysis
- Web Scanner
- Database Scanner
(Stack diagram as above)

Potential of Tools
- Voting System: Static Source Code Analysis
- e stem (name truncated in source): Network Scanning, Web Scanning, Database Scanning
- Statewide Election Night Reporting: Network Scanning, Web Scanning, Database Scanning

Pros and Cons of Automated Scanners

Pros:
- Wider Area Coverage
- Scheduled Automation
- Report Output Ranking to Help Prioritization

Cons:
- High False Positive Rates
- Doesn't Fix The Problem
- Report Output Interpretations
- Point in Time Applicability
- New Vulnerabilities Discovered Not Covered

Key Considerations

Ethics / Legality:
- Written consent from system owner or high ranking authority
- If hosted (SaaS, IaaS, etc.), consult SLA (Service Level Agreements), AUP (Acceptable Use Policy)
- Require owner to submit results of scans, RFP

Expertise:
- Understanding Election System of Systems of Systems
- Selecting appropriate tools
- Interpreting output
- Finding & implementing mitigating solutions

Areas for Concentration

WHERE:
- Easy Targets: Anything Public Internet Facing; Duration of Accessibility
- High Risk Targets: High Data Asset Value; High Election Disruption Value; High Election Integrity Compromise Value

WHEN:
- Baseline
- Anytime modified
- Routine
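As an added illustration that is not part of the presentation, the Python below does two things the Pros and Cons and Areas for Concentration slides describe: it ranks scanner findings by scanner severity weighted with the WHERE criteria (internet exposure, asset value) rather than by raw score alone, and it diffs a baseline scan against a re-scan (WHEN: baseline, after modification, routine) to verify mitigation and surface new findings. The findings, hostnames, scores and the CVE placeholder are constructed and scanner-neutral, not real tool output.

```python
"""Prioritize constructed scan findings and verify mitigation between two scans."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """Scanner-neutral finding shape (constructed for this example)."""
    host: str
    port: int
    issue: str          # short title; CVE ids here are placeholders, not real
    cvss: float         # scanner-reported base score, 0.0 to 10.0
    internet_facing: bool
    asset_value: int    # 1..3 for data / disruption / integrity-compromise value


def risk_score(f: Finding) -> float:
    """Severity weighted by WHERE criteria: public exposure and asset value."""
    exposure = 2.0 if f.internet_facing else 1.0
    return round(f.cvss * exposure * f.asset_value, 1)


def prioritize(findings):
    """Highest contextual risk first; host/port tie-break keeps reports stable."""
    return sorted(findings, key=lambda f: (-risk_score(f), f.host, f.port))


def verify_mitigation(baseline, rescan):
    """Diff two scans keyed by (host, port, issue): fixed, still open, new."""
    key = lambda f: (f.host, f.port, f.issue)
    before = {key(f) for f in baseline}
    after = {key(f) for f in rescan}
    return sorted(before - after), sorted(before & after), sorted(after - before)


# Constructed sample scans: an election-night-reporting web host, an EMS database
# host and a lab host. The lab host has the highest CVSS but the lowest context.
BASELINE = [
    Finding("enr-web.example", 443, "Outdated TLS configuration", 5.3, True, 3),
    Finding("ems-db.example", 1433, "Default account enabled", 7.5, False, 3),
    Finding("vstl-lab.example", 22, "Missing patch CVE-PLACEHOLDER", 9.8, False, 1),
]
RESCAN = [
    Finding("enr-web.example", 443, "Outdated TLS configuration", 5.3, True, 3),
    Finding("vstl-lab.example", 22, "Missing patch CVE-PLACEHOLDER", 9.8, False, 1),
    Finding("enr-web.example", 80, "Directory listing enabled", 5.0, True, 3),
]

if __name__ == "__main__":
    for f in prioritize(BASELINE):
        print(f"{risk_score(f):5.1f}  {f.host}:{f.port}  {f.issue}")
    fixed, still_open, new = verify_mitigation(BASELINE, RESCAN)
    print("fixed:", fixed, "\nstill open:", still_open, "\nnew:", new)
```

Ranking by the weighted score puts the internet-facing reporting host first even though the lab host carries the higher CVSS, and the re-scan diff separates verified fixes from findings that appeared only after the baseline.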

Takeaways
- What are vulnerabilities
- Difference in Vulnerability Assessment, Pen Testing, Reverse Engineering
- What, Where, When, Why, How, and Who of automated vulnerability scanners