Automated vs Manual Vulnerability Research
- vulnerability scanners are a convenient means of quickly canvassing an application for flaws, e.g. Nessus (Community and Commercial versions)
- Advantages of using a Vulnerability Scanner
- easy to repeat and share within a team
- quick and numerous tests run efficiently
- open-source solutions are available
- cover a wide range of flaws that would be hard to search for manually
- Disadvantages of using a Vulnerability Scanner
- too reliant on tools
- extremely “loud”: generates lots of traffic and log entries and can trigger firewalls
- licenses required for commercial uses
- often don’t find every vulnerability in an application
- Vulnerability classes that scanners commonly report
- Security misconfigurations: due to developer oversight (e.g. exposed server info)
- Broken access control: an attacker can access parts of an app they are not supposed to have access to
- Insecure deserialization: insecure processing of data sent across an application
- Injection: an attacker is able to input malicious data into an app (poor sanitization of input)
Finding Manual Exploits
- Rapid7: vulnerability research database
- GitHub: hosts and shares source code; security researchers store and share proof-of-concept code there (search keyword “cve”)
- searchsploit: offline copy of exploit-db
Example of Manual Exploitation
- Foothold: access to the vulnerable machine’s console, from which it is possible to exploit other apps or machines on the network