# Classes of Vulnerabilities
- Design: Weaknesses in Software Specifications
- Implementation: Technical security bugs found in code
- Operational: Improper configuration and deployment of a system in its environment

Operational vulnerabilities are likely the worst.
# Types of Vulnerabilities
- Local Vulnerability: the attacker requires local access to trigger the vulnerability. Using a malicious piece of code, the attacker could escalate access privileges.
- Remote Vulnerability: the attacker has no prior access to the system. Executing a malicious piece of code over the network could give the attacker access.
# Quantification of Vulnerabilities
CVSS: Common Vulnerability Scoring System
- Uses the principal characteristics of a vulnerability to produce a numerical score reflecting its severity. The score can be translated into a qualitative representation (low to critical) to help organisations assess and prioritise their vulnerability management processes.
- https://www.first.org/cvss
# Attack Patterns
CAPEC: Common Attack Pattern Enumeration and Classification
- Catalogue of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other capabilities.
- https://capec.mitre.org/
# Search for Vulnerabilities
- https://cvedetails.com
# Vulnerability Scanning
- Process of using automated tools to discover and identify vulnerabilities in a network
- Range from simple scripts to commercial software engines that scan for thousands of vulnerabilities
- Can generate a lot of traffic, and may result in denial of service on many devices.
## Nessus