OWASP Vulnerability Management Guide (OVMG) - June 1, 2020
1.3.4  Scan/test mobile apps
       Why: Find out how users may exploit a production app.
1.3.5  Test users (phishing, social engineering training)
       Why: Users are the most valuable assets and the most prone to social engineering. Use
       security testing to find out who is likely to click a malicious link or execute a
       malicious dropper. Link the results to user retraining.
End Goal: you should be able to run vulnerability tests as planned.
1.4 Confirm Findings

TASK:   1.4 Confirm Findings
INPUT:  1.2 Optimize Tools; 1.3 Run Tests; 2.4 Reports
OUTPUT: 1.2 Optimize Tools

#      TO-DO                                      WHY
1.4.1  Check if your test results have valuable data
       Why: The scan results could be incomplete, inconclusive, or contradictory. It may
       take some tweaking to find the right fit for each environment.
       Be sure to whitelist the IP address of the scanner on the firewall. Otherwise, the
       firewall may filter out the scanner's attempts to connect to the target ports, so
       every port appears closed and no vulnerabilities are reported.
       It is vital to ensure the integrity of your results before you share them with your
       management and teams.
1.4.2  Interpret and reconcile system/device fingerprinting across your tests
       Why: Take your time going through the results, and make sure the device fingerprinting
       is well defined and representative of your environment.
       Consider running discovery scans before you start the vulnerability tests, and rerun
       the security tests as needed.
1.4.3  Determine that running services are what they are supposed to be
       Why: The tool may report a vulnerability in software that is no longer present on the
       system. Adjust your tool settings so that the tool is a credible source of
       vulnerability discovery.
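The three checks above (all ports closed because the scanner was filtered, fingerprints that disagree between a discovery scan and the vulnerability test, and services that do not match what should be running) can be automated over exported scan results. The following is an added example, not part of the OVMG: it assumes the scanner's output has been exported to a simple per-host record (host, OS fingerprint, open ports with the service seen on each), and the field names, both scan result sets and the service inventory are constructed sample data, not any vendor's format.

```python
"""Sanity checks on vulnerability-scan output before it is shared (OVMG 1.4.1-1.4.3).

Added example. Records use this example's own field names; all data is constructed.
"""

# Constructed: a discovery scan run before the vulnerability test (1.4.2).
DISCOVERY_SCAN = [
    {"host": "10.0.0.10", "os": "Ubuntu 20.04", "ports": {22: "ssh", 443: "https"}},
    {"host": "10.0.0.11", "os": "Windows Server 2019", "ports": {3389: "rdp", 445: "smb"}},
    {"host": "10.0.0.12", "os": "Debian 10", "ports": {22: "ssh", 80: "http", 8080: "http-alt"}},
    {"host": "10.0.0.13", "os": "unknown", "ports": {}},
]

# Constructed: the vulnerability scan of the same hosts.
VULN_SCAN = [
    {"host": "10.0.0.10", "os": "Ubuntu 20.04", "ports": {22: "ssh", 443: "https"}},
    {"host": "10.0.0.11", "os": "Linux 2.6", "ports": {3389: "rdp", 445: "smb"}},  # fingerprint disagrees
    {"host": "10.0.0.12", "os": "Debian 10", "ports": {22: "ssh", 80: "http", 8080: "http-alt"}},
    {"host": "10.0.0.13", "os": "unknown", "ports": {}},  # every port closed
]

# Constructed: what the asset owners say should be running (1.4.3).
# 8080 on 10.0.0.12 was decommissioned, so a hit there needs an explanation.
EXPECTED_SERVICES = {
    "10.0.0.10": {22: "ssh", 443: "https"},
    "10.0.0.11": {3389: "rdp", 445: "smb"},
    "10.0.0.12": {22: "ssh", 80: "http"},
    "10.0.0.13": {22: "ssh"},
}


def possibly_filtered_hosts(scan):
    """1.4.1: hosts that came back with no open ports at all.

    Zero open ports and no usable fingerprint is the classic symptom of the
    scanner's IP not being whitelisted on the firewall, not of a clean host.
    """
    return sorted(r["host"] for r in scan if not r["ports"])


def fingerprint_discrepancies(scan_a, scan_b):
    """1.4.2: hosts whose OS fingerprint differs between two tests.

    Returns {host: (fingerprint_in_a, fingerprint_in_b)}.
    """
    by_host_b = {r["host"]: r for r in scan_b}
    out = {}
    for r in scan_a:
        other = by_host_b.get(r["host"])
        if other is not None and other["os"] != r["os"]:
            out[r["host"]] = (r["os"], other["os"])
    return out


def reconcile_services(scan, expected):
    """1.4.3: compare observed services against the expected inventory.

    Per host, reports services seen but not expected ("unexpected") and
    services expected but not seen ("missing"). Both need an explanation
    before findings on that host are trusted.
    """
    report = {}
    for r in scan:
        want = expected.get(r["host"], {})
        seen = r["ports"]
        unexpected = {p: s for p, s in seen.items() if want.get(p) != s}
        missing = {p: s for p, s in want.items() if seen.get(p) != s}
        if unexpected or missing:
            report[r["host"]] = {"unexpected": unexpected, "missing": missing}
    return report


if __name__ == "__main__":
    print("possibly filtered:", possibly_filtered_hosts(VULN_SCAN))
    print("fingerprint disagreements:", fingerprint_discrepancies(DISCOVERY_SCAN, VULN_SCAN))
    print("service reconciliation:", reconcile_services(VULN_SCAN, EXPECTED_SERVICES))
```

Each function returns the hosts that need a human decision rather than a verdict: a host in `possibly_filtered_hosts` is rescanned after the firewall rule is fixed, a fingerprint disagreement is resolved against the asset record, and an unexpected service is either added to the inventory or treated as a stale result and removed from the report.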
1.4.4  Find something that falls out of the pattern and investigate why
       Why: You will be able to explain something out of the ordinary if you spot it first and
       find a reasonable explanation based on facts (not on your opinions). In the process,
       you will get to know your tool better.
1.4.5  Randomly select vulnerabilities and confirm them with a different tool or manually
       Why: Every vulnerability comes with a level of certainty and a level of risk. Some
       vulnerabilities are harder to replicate or prove, and some are harder to exploit.
       By the end of this exercise you may have improved your pen-tester skills and learned
       something new about a vulnerability that helps you give it a higher or lower
       priority and improve your reporting.
End Goal: understand the security test results; use the collected data to tune the vulnerability scanning tool for precision.
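To make the random confirmation in 1.4.5 repeatable and to feed its outcome back into tool tuning, the sample should be drawn per severity with a recorded seed, and the confirmed/not-confirmed results tallied per scanner check. The following is an added example, not part of the OVMG: the findings list, its field names (id, host, plugin, severity) and the confirmation outcomes are constructed sample data.

```python
"""Reproducible sample of findings for manual or second-tool confirmation (OVMG 1.4.5).

Added example. Field names and all data are constructed.
"""
import random
from collections import Counter, defaultdict

# Constructed sample findings, roughly as a scanner would export them.
FINDINGS = [
    {"id": f"F{n:03d}", "host": f"10.0.0.{10 + n % 4}", "plugin": plugin, "severity": sev}
    for n, (plugin, sev) in enumerate([
        ("ssh-weak-mac", "low"), ("tls-weak-cipher", "medium"), ("smb-signing-off", "medium"),
        ("rdp-ntlm-only", "medium"), ("http-server-header", "info"), ("outdated-openssl", "high"),
        ("outdated-openssl", "high"), ("tls-weak-cipher", "medium"), ("ssh-weak-mac", "low"),
        ("smb-signing-off", "medium"), ("outdated-kernel", "critical"), ("http-server-header", "info"),
    ])
]


def sample_for_confirmation(findings, per_severity, seed):
    """Stratified random sample: up to `per_severity` findings from each severity.

    Stratifying keeps the rare critical/high findings in the sample instead of
    letting a flood of info/low findings crowd them out. The fixed seed makes
    the selection reproducible, so the sample can be recorded in the audit trail.
    """
    rng = random.Random(seed)
    by_severity = defaultdict(list)
    for f in findings:
        by_severity[f["severity"]].append(f)
    sample = []
    for sev in sorted(by_severity):  # sorted for deterministic order
        bucket = by_severity[sev]
        sample.extend(rng.sample(bucket, min(per_severity, len(bucket))))
    return sample


def confirmation_rate_by_plugin(outcomes):
    """Tally the manual check: outcomes is {finding_id: (plugin, confirmed)}.

    Returns {plugin: (confirmed_count, checked_count)}. A check that keeps
    failing confirmation is a candidate for a tuning change (1.2 Optimize
    Tools) or for a lower priority in reporting.
    """
    checked = Counter()
    confirmed = Counter()
    for plugin, ok in outcomes.values():
        checked[plugin] += 1
        if ok:
            confirmed[plugin] += 1
    return {p: (confirmed[p], checked[p]) for p in checked}


if __name__ == "__main__":
    chosen = sample_for_confirmation(FINDINGS, per_severity=2, seed=7)
    for f in chosen:
        print(f["id"], f["host"], f["severity"], f["plugin"])
    # Constructed outcomes of the manual check, keyed by finding id.
    outcomes = {"F005": ("outdated-openssl", True), "F006": ("outdated-openssl", False),
                "F010": ("outdated-kernel", True)}
    print(confirmation_rate_by_plugin(outcomes))
```

The seed and the list of sampled finding ids are what go into the audit trail; the per-plugin tally is what goes back to the tool-tuning step, since a check with a low confirmation rate is either misconfigured for this environment or reporting software that is no longer there.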