A vulnerability is a weakness or flaw in the organization that a malicious hacker can exploit to compromise the integrity, confidentiality or availability of a product or of information. Examples of common vulnerabilities are:
A threat is anything that has the potential to cause serious harm to a computer system or to an organization. It can also be described as anything that would contribute to the tampering, destruction or interruption of any service or item of value. According to NIST, a threat is the potential for a threat source to exercise (accidentally trigger or intentionally exploit) a specific vulnerability. Threat sources can be natural, human or environmental.
Examples of threats are:
According to NIST, risk is a function of the likelihood of a given threat source exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization. Risk is therefore a combination of threat and vulnerability.
To determine the likelihood of a future adverse event, the threats to an IT system must be analyzed together with its potential vulnerabilities and the controls in place for it. Impact refers to the magnitude of harm that could be caused by a threat's exercise of a vulnerability.
VAPT helps an organization take preventive measures against malicious attacks by attacking the system itself while staying within legal limits. It serves as security proofing for the organization.
The reasons to do VAPT include:
A vulnerability scan or vulnerability assessment is done to find known vulnerabilities in a system. Vulnerability assessment tools such as Nessus and OpenVAS are used for this. They identify vulnerabilities but do not distinguish between flaws that can be exploited to cause damage and those that cannot. Scanning is done continuously, especially after new equipment is added. Vulnerability assessment focuses on:
A penetration test, also called a pen test, is an attempt to exploit the vulnerabilities in a system. It is done the way hackers would exploit the system's vulnerabilities, and is carried out at least once a year. It helps determine whether unauthorized access or other malicious activity into the system is possible, and identifies which flaws pose a threat to the application. The goal of a penetration test is to identify actual risk. A pen test focuses on:
VAPT can be performed in the following phases:
Test preparation phase :
In this phase, the testers and the organization need to decide on the scope, objective, time and duration of the test. All the necessary documents and agreements must be prepared and agreed by both parties. While performing assessments and tests, the scope of the assignment needs to be clearly defined. The scope is based on the assets to be tested. The following three scopes are possible :
Test Phase :
Actual testing is done in this phase, through the following steps.
Information Gathering : The purpose of information gathering is to obtain as much information as possible about the IT environment, such as networks, IP addresses, operating system versions, etc. This applies to all three types of scope discussed earlier.
Scanning : In this step, tools such as vulnerability scanners are used to identify vulnerabilities in the IT environment. The information gathered in the previous step is used to scan and assess the target network space.
Vulnerability Analysis and Planning : In this step the identified vulnerabilities are analyzed, combined with the information gathered about the IT environment, to devise a plan for penetrating the network and systems. Vulnerabilities are prioritized based on their severity and impact.
Penetration Testing : In this step, the target systems are attacked and penetrated using the plan devised in the previous step.
Privilege Escalation : After successful penetration into a system, this step identifies ways to escalate access and gain higher privileges, such as root or administrative access to the system.
Result Analysis : This step performs a root cause analysis of each successful compromise that led to penetration, and devises suitable recommendations for making the system secure by plugging the holes in it.
Reporting phase :
All the findings observed during the vulnerability assessment and penetration testing process need to be documented, along with the recommendations, to produce the testing report for management to act on.
Cleanup phase :
Vulnerability assessment and penetration testing involve compromising the system, and during the process some files may be altered. This phase ensures that the system is brought back to its original, pre-testing state by cleaning up (restoring) the data and files used on the target machines.
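The risk definition above (likelihood of a threat source exercising a vulnerability, times the impact) is what the Vulnerability Analysis and Planning step applies when it prioritizes findings. The following added example, which is not part of the original page, ranks a constructed set of findings that way. The likelihood weights (High 1.0, Medium 0.5, Low 0.1), impact weights (High 100, Medium 50, Low 10) and the High/Medium/Low bands follow the risk-level matrix in NIST SP 800-30; treating an existing control as lowering likelihood by one level is an assumption made for this example, as are the sample findings.

```python
"""Rank VAPT findings by likelihood x impact (added example, not from the page).

Weights and bands follow the NIST SP 800-30 risk-level matrix; the one-step
likelihood reduction for an existing control and the sample findings are
assumptions constructed for this script.
"""
from dataclasses import dataclass

LIKELIHOOD = {"high": 1.0, "medium": 0.5, "low": 0.1}
IMPACT = {"high": 100, "medium": 50, "low": 10}
LEVELS = ["low", "medium", "high"]


@dataclass
class Finding:
    name: str
    threat_likelihood: str   # how likely a threat source exercises the flaw
    impact: str              # magnitude of harm if it is exercised
    control_in_place: bool   # an existing control lowers likelihood one level (assumption)


def effective_likelihood(finding):
    """Likelihood after accounting for controls already in place."""
    idx = LEVELS.index(finding.threat_likelihood)
    if finding.control_in_place and idx > 0:
        idx -= 1
    return LEVELS[idx]


def risk_score(finding):
    """NIST-style score: likelihood weight times impact weight."""
    return LIKELIHOOD[effective_likelihood(finding)] * IMPACT[finding.impact]


def risk_level(score):
    """Band the numeric score: High (>50), Medium (>10 to 50), Low (1 to 10)."""
    if score > 50:
        return "High"
    if score > 10:
        return "Medium"
    return "Low"


def prioritize(findings):
    """Return (name, score, level) tuples, highest risk first."""
    ranked = sorted(findings, key=risk_score, reverse=True)
    return [(f.name, risk_score(f), risk_level(risk_score(f))) for f in ranked]


# Constructed sample findings, as a scanner and manual review might produce them.
SAMPLE_FINDINGS = [
    Finding("Outdated TLS configuration", "medium", "medium", control_in_place=True),
    Finding("SQL injection in login form", "high", "high", control_in_place=False),
    Finding("Verbose stack traces in error pages", "high", "low", control_in_place=False),
    Finding("Default credentials on admin console", "medium", "high", control_in_place=False),
]

if __name__ == "__main__":
    for name, score, level in prioritize(SAMPLE_FINDINGS):
        print(f"{level:6} {score:6.1f}  {name}")
```

The ranked list is what feeds the penetration plan: the highest-band items are attacked first during the test and reported first to management.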
Website VAPT, or website vulnerability assessment and penetration testing, is a step-by-step procedure to determine the security of a website by finding its vulnerabilities, if any, and taking appropriate action against them. Security can be assessed from the point of view of an end user, an admin and an anonymous user. Some of the vulnerabilities that can be found using website VAPT are:
SQL injection :
SQL injection is a web attack technique in which the attacker makes an application run SQL code it was not intended to run. It is considered a user-input vulnerability. Hackers use this method to steal information from organizations.
sqlmap is a tool that can be used to detect this vulnerability.
Cross site scripting :
Cross-site scripting, also called XSS or CSS, refers to attacks that occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. It leverages vulnerabilities in the code of a web application to allow an attacker to send malicious content to an end user and collect some type of data from the victim. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.
Acunetix is a tool that can be used to find this vulnerability.
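The last sentence above names the root cause: user input placed into generated output without encoding. This added example (not from the original page) renders a constructed search page two ways, once with the raw term and once HTML-encoded for both the attribute and the body context, so the difference a tester looks for is visible in the output.

```python
"""Reflected input without vs with output encoding (added example, not from the page).

A search term is echoed into two places in a constructed HTML page: an input
value attribute and a paragraph body. The vulnerable renderer interpolates the
raw string; the fixed one HTML-encodes it for both contexts.
"""
import html

PAGE_TEMPLATE = (
    '<form><input name="q" value="{attr}"></form>\n'
    '<p>Results for: {body}</p>'
)


def render_vulnerable(term):
    """Raw user input becomes part of the markup: tags and quotes in it are live."""
    return PAGE_TEMPLATE.format(attr=term, body=term)


def render_safe(term):
    """quote=True also encodes " and ' so the value cannot close the attribute."""
    encoded = html.escape(term, quote=True)
    return PAGE_TEMPLATE.format(attr=encoded, body=encoded)


def contains_live_markup(rendered, needle):
    """True when the needle survives unencoded in the rendered page."""
    return needle in rendered


# Constructed input that closes the value attribute and then adds a tag.
PROBE = '"><b>x</b>'

if __name__ == "__main__":
    print("vulnerable:\n" + render_vulnerable(PROBE))
    print("safe:\n" + render_safe(PROBE))
```

Encoding on output is the fix the text calls for; input validation on top of it narrows what reaches the template in the first place, but does not replace encoding, because the same value may later be emitted into a context that was not validated for.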
Xpath Injection :
XPath injection is an attack technique used to exploit websites that construct XPath queries from user-supplied input.
Acunetix can be used to detect this as well.
Cookie poisoning :
Cookie poisoning is the modification of a cookie (personal information stored on a web user's computer) by an attacker to gain unauthorized information about the user for purposes such as identity theft. The attacker may use the information to open new accounts or to gain access to the user's existing accounts.
Buffer overflow :
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.
Directory traversal/Unicode :
Directory traversal is an HTTP exploit that allows attackers to access restricted directories and execute commands outside the web server's root directory. Acunetix can be used to find this.
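The defensive check behind a traversal finding is whether the server resolves the requested path and confirms it still lies under the web root. This added example (not from the original page) implements that check for a file-download handler: it decodes percent-encoding (including the double-encoded form, since encoded separators are the usual way the simple "../" filter is bypassed), resolves the real path and compares it against the real root. The web root is a temporary directory created by the script, so it runs anywhere.

```python
"""Web-root containment check for a download handler (added example, not from the page).

WEB_ROOT and the file under it are constructed at import time so the script
runs offline. Requests are resolved to a real path and rejected if that path
lands outside the root.
"""
import os
import tempfile
from urllib.parse import unquote

WEB_ROOT = tempfile.mkdtemp(prefix="webroot_")
os.makedirs(os.path.join(WEB_ROOT, "docs"))
with open(os.path.join(WEB_ROOT, "docs", "manual.txt"), "w") as fh:
    fh.write("public document\n")


def resolve_request_path(requested, root=WEB_ROOT):
    """Return the absolute path to serve, or None if it escapes the root."""
    # Decode twice: a double-encoded "%252e%252e" would otherwise survive one decode
    # and be turned back into ".." by a later layer.
    decoded = unquote(unquote(requested))
    # realpath collapses ".." segments and follows symlinks, so the comparison is
    # made on where the file really is, not on the string the client sent.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/\\")))
    real_root = os.path.realpath(root)
    # commonpath, not startswith: "/srv/webroot_evil" starts with "/srv/webroot"
    # but is not inside it.
    if os.path.commonpath([real_root, candidate]) != real_root:
        return None
    return candidate


def serve(requested):
    """Minimal handler: (status, body) for a request path."""
    path = resolve_request_path(requested)
    if path is None or not os.path.isfile(path):
        return 404, ""
    with open(path) as fh:
        return 200, fh.read()


if __name__ == "__main__":
    for req in ["docs/manual.txt", "../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd"]:
        print(f"{req!r:32} -> {serve(req)[0]}")
```

Because the check runs on the decoded and resolved path rather than on the raw request string, alternative encodings of the separator (the "Unicode" variants in the heading above) are handled by the same comparison instead of by a list of forbidden patterns.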
Improper error handling:
Error messages can reveal implementation details that should never be revealed, giving a hacker clues about potential flaws.
Cookies are small text files or messages that a web server passes to the web browser when a website is accessed. A cookie can be considered an identity card. Cookies are created when you first visit a website; on each subsequent visit the browser passes the cookie back to the web server. This helps track the website activity of individuals. A cookie consists of the following 7 components:
A honeypot is an information system designed to attract potential hackers who attempt to penetrate an organization's network. Honeypots are designed to mimic systems that an intruder would like to break into, but prevent the intruder from accessing the entire network. Most honeypots are installed inside a firewall. A honeypot logs the access attempts and keystrokes of the hacker. The honeypot thus fools attackers by making them believe it is a legitimate system; they attack it without knowing that they are being observed.
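Two of the checks a website VAPT makes on cookies follow from the cookie poisoning and cookie sections above: whether the Set-Cookie header carries the attributes that limit where the cookie travels and who can read it, and whether the server can notice when a client has modified a cookie value. This added example (not from the original page) parses a Set-Cookie line into the name/value pair and the attributes defined by RFC 6265 (Expires, Max-Age, Domain, Path, Secure, HttpOnly) plus SameSite, reports the hardening attributes a session cookie lacks, and shows an HMAC signature that makes a modified value fail verification. The header lines and the key are constructed for this script.

```python
"""Set-Cookie parsing, attribute audit and tamper detection (added example, not from the page).

The two header lines and SERVER_KEY are constructed sample values.
"""
import hashlib
import hmac

FLAG_ATTRS = {"secure", "httponly"}   # attributes that take no value


def parse_set_cookie(header):
    """Split 'Set-Cookie: name=value; Attr=val; Flag' into a dict (keys lowercased)."""
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip()}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        cookie[key] = True if key in FLAG_ATTRS else val.strip()
    return cookie


def audit_cookie(cookie):
    """Return the hardening attributes a cookie is missing."""
    missing = []
    if not cookie.get("secure"):
        missing.append("Secure")      # may be sent over plain HTTP and read on the wire
    if not cookie.get("httponly"):
        missing.append("HttpOnly")    # readable by page scripts, so XSS can steal it
    if cookie.get("samesite", "").lower() not in ("lax", "strict"):
        missing.append("SameSite")    # attached to cross-site requests
    return missing


# Tamper detection: only the server holds the key, so a client that edits the
# value cannot produce a matching signature.
SERVER_KEY = b"constructed-demo-key-rotate-in-production"


def sign_value(value, key=SERVER_KEY):
    """Append an HMAC-SHA256 tag to the value before it goes into the cookie."""
    mac = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{mac}"


def verify_value(signed, key=SERVER_KEY):
    """Return the original value, or None when the tag does not match."""
    value, _, mac = signed.rpartition(".")
    expected = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return value if mac and hmac.compare_digest(mac, expected) else None


WEAK_HEADER = "Set-Cookie: sessionid=abc123; Path=/"
STRONG_HEADER = "Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Strict"

if __name__ == "__main__":
    for line in (WEAK_HEADER, STRONG_HEADER):
        print(line, "-> missing:", audit_cookie(parse_set_cookie(line)) or "none")
    token = sign_value("role=user")
    print("intact  :", verify_value(token))
    print("modified:", verify_value(token.replace("role=user", "role=admin")))
```

Signing only detects modification; it does not hide the value from the user, so anything the client must not see still belongs server-side with only an opaque session identifier in the cookie.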
Penetration Testing Services
A typical website penetration testing service comprises the simulation of real-life hacking methodologies. It encompasses various security attack vectors and the exploitation of potential vulnerabilities.
We follow a systematic yet agile approach to testing website security. This gives our customers extremely accurate and elaborate results, backed by a knowledge base and years of experience on the subject matter.
Security testing is a continuous improvement process that pays off through increasing ROI (return on investment). The benefits of a pen test are both short term and long term.
Please see the list of key vulnerabilities that must be tested when performing a website or web portal penetration test.
Valency Networks has a very agile, friendly and fun-loving atmosphere, and yet we maintain a cutting-edge, technically vibrant work environment.