G4G0-2/Penetration Testing/Week 7/Lecture 7 - Vulnerability Scanning.md
2025-03-16 18:59:42 +00:00


# Classes of Vulnerabilities
- Design: Weaknesses in Software Specifications
- Implementation: Technical security bugs found in code
- Operational: Improper configuration and deployment of a system in its environment

Operational vulnerabilities are likely the worst.
# Types of Vulnerabilities
- Local Vulnerability: the attacker requires local access to trigger the vulnerability. Using a malicious piece of code, the attacker could escalate access privileges.
- Remote Vulnerability: the attacker has no prior access to the system. Executing a malicious piece of code over the network could give the attacker access.
# Quantification of Vulnerabilities
CVSS: Common Vulnerability Scoring System
- Uses the principal characteristics of a vulnerability to produce a numerical score reflecting its severity. The score can be translated into a qualitative representation (low -> critical) to help organisations assess and prioritise their vulnerability management processes.
- <https://www.first.org/cvss>
# Attack Patterns
CAPEC: Common Attack Pattern Enumeration and Classification
- Catalogue of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other capabilities.
- <https://capec.mitre.org/>
# Search for Vulnerabilities
- <https://cvedetails.com>
# Vulnerability Scanning
- Process of using automated tools to discover and identify vulnerabilities in a network
- Range from simple scripts to commercial software engines that scan for thousands of vulnerabilities
- Can generate a lot of traffic, and may result in denial of service on many devices.
## Nessus