GCGA Ch. 8 Comparing Scanning and Testing Tools (ST) Flashcards
(11 cards)
Port scanner
scans systems for open ports and attempts to discover what services and protocols are running on a system.
Vulnerability scanners
test security controls to identify vulnerabilities, a lack of security controls, and common misconfigurations. They are effective at discovering systems susceptible to an attack without exploiting the systems.
CVE
The Common Vulnerabilities and Exposures (CVE) is a dictionary of publicly known security vulnerabilities and exposures. The Common Vulnerability Scoring System (CVSS) assesses vulnerabilities and assigns severity scores in a range of 0 to 10, with 10 being the most severe.
Vulnerability scan false positive
a false positive from a vulnerability scan indicates the scan detected a vulnerability, but the vulnerability doesn’t exist. A false negative indicates a vulnerability exists, but the scanner did not detect it.
How should vulnerabilities be prioritized?
Vulnerabilities should be prioritized using a number of criteria, including vulnerability classification, environmental variables, industry/organizational impact, and risk tolerance/threshold.
Credentialed scans
run under an account’s context and can get more detailed information on targets, such as the software versions of installed applications. They are also more accurate than non-credentialed scans, giving fewer false positives.
Penetration test
an active test that attempts to exploit discovered vulnerabilities. It starts with a vulnerability scan and then bypasses or actively tests security controls to exploit vulnerabilities. Penetration tests may be focused on physical, offensive, or defensive objectives or they may use integrated approaches that combine these techniques. Penetration testers should gain consent prior to starting a penetration test. A rules of engagement document identifies the boundaries of the test.
Passive reconnaissance
gathers information from open-source intelligence. Active network reconnaissance and discovery uses scanning techniques to gather information. After initial exploitation, a penetration tester uses privilege escalation techniques to gain more access. Pivoting during a penetration test is the process of using an exploited system to access other systems.
Unknown, known, and partially known environment testing
In unknown environment testing, testers perform a penetration test with zero prior knowledge of the environment. Known environment testing indicates that the testers have full knowledge of the environment, including documentation and source code for tested applications. Partially known environment testing indicates testers have some knowledge of the environment.
Penetration testing vs vulnerability testing
Scans can be either intrusive or non-intrusive. Penetration testing is intrusive (also called invasive) and can potentially disrupt operations. Vulnerability testing is non-intrusive (also called non-invasive).
Responsible disclosure programs for vulnerabilities
enable individuals and organizations to report security vulnerabilities or weaknesses they have discovered to the appropriate parties. Bug bounty programs are a type of responsible disclosure program that incentivizes individuals or organizations to report vulnerabilities by offering monetary or other rewards for valid submissions. The most common way to remediate a vulnerability is to apply a patch. In cases where patches are not possible, you may use a compensating control, segmentation, or grant an exception. After correcting a vulnerability, you should rescan the affected system to validate that the remediation was effective and that the vulnerability no longer exists.