Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
165
To obtain a CVSS score, we can review the CVE in a vulnerability database, or if there is no CVE
assigned, we can use a CVSS calculator.[288] In 2019, CVSS v3.1 was released, which clarified and
improved the existing version.
We need to be aware that the results of a vulnerability scan can be incomplete or contain
wrongfully detected vulnerabilities. A false positive[289] occurs when a vulnerability is detected
but the target is not actually vulnerable. This can happen through a wrong service and version
detection or a configuration that makes the target unexploitable. False positives can also occur
when patches or updates are backported,[290] meaning that security fixes are applied to an older
version of software. False negative[291] is another important term. It occurs when a vulnerability
is missed by the vulnerability scanner.
In a penetration test, we often need to find the right balance between manual and automated
vulnerability scanning. Let’s explore both options briefly.
A manual vulnerability scan will inevitably be very resource intensive and time consuming. When
there is a huge amount of data to analyze, we often reach our cognitive limit quickly and overlook
vital details. On the other hand, manual vulnerability scanning allows for the discovery of complex
and logical vulnerabilities that are rather difficult to discover
using any type of automated
scanner.
Automated vulnerability scans are invaluable when working on engagements for a multitude of
reasons. First, in nearly all types of assessments, we have time constraints. Therefore, when we
have a big enterprise network to scan, we cannot manually review every system. This is especially
true when thinking about new or complex vulnerabilities. Second, by using automated scanners,
we can quickly identify easily-detected vulnerabilities and other low-hanging fruit.
We should take the time to explore the inner-workings of every automated tool we plan to use in a
security assessment. This will not only assist us in configuring the tool and digesting the results
properly, but will help us understand the limitations that must be overcome with manually applied
expertise.
7.1.2 Types of Vulnerability Scans
In this section, we will examine internal and external as well as unauthenticated and authenticated
vulnerability scans.
The location we perform the vulnerability scan from determines the target visibility. If a client
tasks us with an external vulnerability scan, they mean to analyze one or more systems that are
accessible from the internet. Targets in an external vulnerability scan are often web applications,
systems in the