March 9, 2016

GHR 106 – Vulnerability Scanners

Objectives:

  • Topic 106.1 – Using Vulnerability Scanners
  • Topic 106.2 – Source Code Scanners
  • Topic 106.3 – Web Application Scanners

Topic 106.1 – Using Vulnerability Scanners

  • RULE : A vulnerability scanner is a software application that automates the task of checking computers, network devices, peripherals, mobile devices, etc. for known weaknesses and exploits.
  • RULE : Vulnerability scanners should be constantly updated in order to check for the latest attack vectors.
  • RULE : Vulnerability scanning software can be used for both offensive and defensive security assessments.
  • RULE : The default configuration of vulnerability scanners typically will get you noticed by the defensive security teams, by both the volume and the type of traffic they generate.
  • RULE : Some vulnerability scanners are free, such as these:
    • OpenVAS, not pretty to look at, but it’s free.
    • Rapid7 Nexpose Community Edition, limited to 32 IPs.
  • RULE : Some vulnerability scanners have subscription based licensing and are installed on your laptop:
    • Nessus Professional, unlimited IP scans, annual cost is $2190. Gingsoft recommends this one for the money.
    • Retina, unlimited IP scans, annual cost is $1700.
    • Rapid7 Nexpose Consultant Edition, the cost is too stupid to mention (5 times as much as Nessus) and the performance is pretty bad.
  • RULE : Some vulnerability scanners are cloud based:
    • Acunetix, $345 for a single IP; up to 50 IP addresses costs over $10,000.
    • Nessus Cloud, annually starting at nearly $3000, and you can scan only 128 IP addresses.
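The rule about default configurations getting noticed is worth seeing from the defender's side. The following is an added illustration, not code from the original notes: a toy detector that reads flow-log style records and flags any source that touches an unusual number of distinct destination ports or hosts within a short window, which is exactly the footprint an untuned scanner leaves. The log format, the window length and both thresholds are assumptions chosen for the example; the sample traffic is constructed, not captured.

```python
"""Toy detector for the noisy traffic pattern an untuned vulnerability scanner produces.
Added illustration only; record format, window and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed observation window
MAX_PORTS = 20                  # assumed: distinct dest ports one host normally hits per window
MAX_HOSTS = 10                  # assumed: distinct dest hosts one host normally hits per window

BASE = datetime(2016, 3, 9, 10, 0, 0)


def build_sample_log():
    """Constructed sample in the assumed format 'timestamp src dst dport', one record per line."""
    lines = []
    # An untuned scanner: one source probing 25 different ports on one host in 25 seconds.
    for i in range(25):
        ts = (BASE + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 10.0.0.5 10.0.1.10 {1 + i}")
    # An ordinary workstation: a few services on two hosts, spread over several minutes.
    for i, (dst, port) in enumerate([("10.0.1.10", 443), ("10.0.1.11", 445), ("10.0.1.10", 80)]):
        ts = (BASE + timedelta(minutes=i)).isoformat()
        lines.append(f"{ts} 10.0.0.7 {dst} {port}")
    return "\n".join(lines)


def parse_line(line):
    """Split one record into (timestamp, src, dst, dport)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)


def find_noisy_sources(log_text, window=WINDOW, max_ports=MAX_PORTS, max_hosts=MAX_HOSTS):
    """Return {src: {"distinct_ports": n, "distinct_hosts": m}} for every source that,
    within any sliding window, contacts more distinct ports or hosts than the thresholds."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, dport = parse_line(line)
            events[src].append((ts, dst, dport))

    findings = {}
    for src, evs in events.items():
        evs.sort()
        # Slide a window starting at each event; stop at the first window that trips a threshold.
        for i, (start, _, _) in enumerate(evs):
            ports, hosts = set(), set()
            for ts, dst, dport in evs[i:]:
                if ts - start > window:
                    break
                ports.add(dport)
                hosts.add(dst)
            if len(ports) > max_ports or len(hosts) > max_hosts:
                findings[src] = {"distinct_ports": len(ports), "distinct_hosts": len(hosts)}
                break
    return findings


if __name__ == "__main__":
    for src, counts in find_noisy_sources(build_sample_log()).items():
        print(f"{src}: {counts['distinct_ports']} ports, {counts['distinct_hosts']} hosts in one window")
```

On the constructed sample only 10.0.0.5 is reported; the workstation stays well under both thresholds. A real deployment would tune the window and thresholds to the environment's baseline, and a scanner run with throttled, narrowly scoped settings would fall under them, which is the point the rule makes.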

Topic 106.2 – Source Code Scanners

  • RULE : Source code scanners are used to audit source code for security vulnerabilities.
  • RULE : Source code scanners can look for potential vulnerabilities:
    • Buffer overflows.
    • Cross-site scripting (a.k.a. XSS).
    • Hard-coded usernames and passwords.
    • Insecure file includes.
    • Privilege escalation.
    • Race conditions.
    • SQL injection.
    • Un-validated user input.
  • RULE : Open source (free) source code scanners are:
    • Brakeman, scans Ruby on Rails (RoR) applications.
    • Codesake Dawn, scans Padrino, Sinatra and Ruby on Rails (RoR) applications.
    • FindBugs, scans Java applications.
    • Flawfinder, scans C and C++ applications.
    • FxCop, scans the .NET Framework CLR.
    • Google CodeSearchDiggity, uses Google hacking techniques to find vulnerabilities in open source code projects hosted by Google Code, MS CodePlex, SourceForge, Github, etc.
    • OWASP SWAAT Project, scans ASP .Net, Java, and PHP applications.
    • PreFast, scans C and C++ applications.
    • RATS, scans C, C++, Perl, PHP and Python applications.
    • RIPS, scans PHP applications.
    • VCG, scans C, C++, C#, Java, PL/SQL applications.
  • RULE : Commercial source code scanning services are:
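
To make the vulnerability classes above concrete, here is an added example (not code from the original notes or from any of the tools listed) of a very small source code scanner in the lexical, pattern-matching style that tools such as Flawfinder and RATS use. It runs a handful of regular-expression rules over each line of a file and reports hard-coded credentials, SQL built by string concatenation, overflow-prone C calls, PHP includes driven by a variable, and raw use of request input. The rule set, the file-extension mapping and the two sample source files are constructed for the example; a real scanner also has to deal with the false positives such line-level matching produces.

```python
"""Toy lexical source code scanner, added as an illustration; rules and samples are constructed."""
import os
import re

# Each rule: (finding name, pattern, file extensions it applies to, or None for any file).
RULES = [
    ("hard-coded credential",
     re.compile(r'(?i)\b(password|passwd|pwd|api_key|secret)\s*=\s*["\'][^"\']+["\']'), None),
    ("sql built from strings",
     re.compile(r'(?i)(select|insert|update|delete)\b[^;]*["\']\s*(\.|\+)\s*\$?\w+'), None),
    ("buffer overflow-prone call",
     re.compile(r'\b(strcpy|strcat|gets|sprintf)\s*\('), {".c", ".cpp", ".h"}),
    ("insecure file include",
     re.compile(r'\b(include|require)(_once)?\s*\(?\s*\$'), {".php"}),
    ("unvalidated user input",
     re.compile(r'\$_(GET|POST|REQUEST|COOKIE)\['), {".php"}),
]

# Constructed sample inputs, deliberately written to trip the rules.
SAMPLE_PHP = """\
<?php
$password = "hunter2";
$name = $_GET['name'];
$q = "SELECT * FROM users WHERE name='" . $name . "'";
include($_GET['page'] . ".php");
"""

SAMPLE_C = """\
#include <string.h>
void copy(char *in) {
    char buf[16];
    strcpy(buf, in);
}
"""


def scan_source(filename, text):
    """Return a list of (finding name, line number, stripped line) for every rule hit.
    Rules restricted to certain extensions are skipped for other file types."""
    ext = os.path.splitext(filename)[1].lower()
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern, exts in RULES:
            if exts is not None and ext not in exts:
                continue
            if pattern.search(line):
                findings.append((name, lineno, line.strip()))
    return findings


if __name__ == "__main__":
    for fname, text in (("login.php", SAMPLE_PHP), ("copy.c", SAMPLE_C)):
        for name, lineno, line in scan_source(fname, text):
            print(f"{fname}:{lineno}: {name}: {line}")
```

The PHP sample yields five findings (line 5 trips both the include rule and the input rule), the C sample one. Because the matching is purely lexical, a validated variable that merely shares a name with a request parameter would be reported too; that trade-off between coverage and noise is inherent to this class of scanner and is why their output still needs a human review.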

Topic 106.3 – Web Application Scanners