Vulnerability Management

Vulnerability Management is not a scan or a one-time project. It is a “program” that organizations can run to continuously identify vulnerabilities and then address them in appropriate ways. It can contain many different projects, such as:

  • Identifying Assets That Should Be Tested
  • Risk Assessment
  • Information Management
  • Vulnerability Assessment
  • Incident Response Planning
  • Remediating The Found Vulnerabilities
  • Verifying That The Vulnerabilities Have Been Fixed
  • Etc.

What, Why and How?

It is the process of identifying, analyzing and ranking vulnerabilities.

  • No exploitation of vulnerabilities
  • Mostly automated but can be done manually
  • Vulnerability Scanning: Vulnerability Scanning is the process of using Vulnerability Scanners. These are automated tools that scan or inspect a given system. They identify potentially harmful vulnerabilities, misconfigurations, or flaws in it. Apart from identifying weaknesses, scanning can also predict the effectiveness of countermeasures. Of course, since it is done by using automated tools, it may sometimes give inaccurate results.
    Examples of Vulnerability Scanning software: Nessus, OpenVAS, Nexpose, etc.
  • Vulnerability Assessment: Vulnerability Assessment is not actually a scan. It is a one-time project. It has a defined start and end date. Usually, an external Information Security Consultant will review your corporate environment. They will identify a variety of potentially exploitable vulnerabilities. These vulnerabilities are presented to you in a detailed report. The report will not only list the identified vulnerabilities, but also provide actionable recommendations for remediation. Once a final report is prepared, the vulnerability assessment ends.
    During such a project, you might do both kinds of work:
    • Vulnerability Scanning (which is the Automated part)
    • Manual Vulnerability Identification (which is the Manual part)

So, as you can see, vulnerability scanning is just a part of the overall process during a vulnerability assessment project.
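The program loop described at the top of this page (identify, rank, remediate, verify the fix) can be illustrated by comparing two scan runs. This is an added example, not code from the original post: the field names, the `EXAMPLE-*` check ids and the sample findings are all constructed, and a finding marked "fixed" only means the rescan reached the asset and no longer reported it.

```python
# Added example: field names and all findings below are constructed, not a real scanner's export.
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

PREVIOUS = [  # first scan (constructed sample data)
    {"asset": "192.0.2.10", "port": 443, "vuln_id": "EXAMPLE-TLS-WEAK", "severity": "medium"},
    {"asset": "192.0.2.10", "port": 22, "vuln_id": "EXAMPLE-SSH-OLD", "severity": "high"},
    {"asset": "192.0.2.20", "port": 445, "vuln_id": "EXAMPLE-SMB-SIGN", "severity": "critical"},
    {"asset": "192.0.2.30", "port": 80, "vuln_id": "EXAMPLE-HTTP-HDR", "severity": "low"},
]
CURRENT = [  # rescan after remediation (constructed sample data)
    {"asset": "192.0.2.10", "port": 22, "vuln_id": "EXAMPLE-SSH-OLD", "severity": "high"},
    {"asset": "192.0.2.10", "port": 8080, "vuln_id": "EXAMPLE-ADMIN-UI", "severity": "critical"},
]
SCANNED = {"192.0.2.10", "192.0.2.20"}  # assets the rescan actually reached; .30 was offline


def finding_key(f):
    """Identity of a finding across scans: same asset, port and check."""
    return (f["asset"], f["port"], f["vuln_id"])


def compare_scans(previous, current, assets_scanned):
    """Classify findings as fixed, unverified, open or new, ranked by severity."""
    prev = {finding_key(f): f for f in previous}
    curr = {finding_key(f): f for f in current}
    result = {"fixed": [], "unverified": [], "open": [], "new": []}
    for k, f in prev.items():
        if k in curr:
            result["open"].append(curr[k])
        elif f["asset"] in assets_scanned:
            result["fixed"].append(f)
        else:
            # Absent from the rescan only because the asset was not reached:
            # treating this as fixed would be a false negative.
            result["unverified"].append(f)
    result["new"] = [f for k, f in curr.items() if k not in prev]
    for bucket in result.values():
        bucket.sort(key=lambda f: (SEVERITY_ORDER[f["severity"]], f["asset"], f["vuln_id"]))
    return result


if __name__ == "__main__":
    for status, findings in compare_scans(PREVIOUS, CURRENT, SCANNED).items():
        for f in findings:
            print(f"{status:10} {f['severity']:8} {f['asset']}:{f['port']} {f['vuln_id']}")
```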

Basic Terms which will be used:

  • Vulnerability – A lack of a countermeasure, or a weakness in a countermeasure that is in place.
  • Asset – Anything valuable to an organization.
  • Risk – Probability of exploiting a vulnerability.
  • Scope – List of targets that are allowed to be tested.
  • Payload – An exploit contains a payload, which is sent to the target.
  • Exploit – A method to take advantage of the vulnerability.
  • False positive
  • False negative

Steps involved:

  • Planning
  • Testing
    • Information Gathering
    • Vulnerability analysis
    • Exploitation
    • Post exploitation
    • House Cleaning
  • Reporting

Information Gathering

  • Active information gathering – Trying to gather information about the target by interacting with the target. Tools: ping, nslookup, nmap, DirBuster, wpscan, hackertarget, etc.
  • Passive information gathering – Trying to gather information about the target without directly interacting with the target. Tools: Google Dorks, exploit DB, whois, builtwith, wappalyzer, robtex.com, intodns, ssllabs, securityheaders.com, social searcher, shodan, wayback machine, source code, robots.txt, maltego, etc.

Manual VM tools

  • securityfocus
  • zerodayinitiative
