- What level of proof do you need to convey the importance (or lack of importance) of a vulnerability to the organization?
- What would the organization and its IT staff consider an appropriate amount of the IT staff's time for you to request in order to get the information you need?
- Treat the data and analyses of this step with the utmost security.
- Use VPNs or Tor when searching or scanning remotely.
- Seek explicit permission for vulnerability scanning - NOTE: The organization might not be in a position to give you meaningful “permission” to carry out an active remote assessment of "cloud services" used within the organization.
- In situations where the auditor is doing this work remotely it is important to only run "safe" tests that have no possibility of causing damage to the network.
- Vulnerability Scanning: General TCP/IP and networking knowledge; knowledge of ports, protocols, services, and vulnerabilities for a variety of operating systems; ability to use automated vulnerability scanning tools and interpret/analyze the results
- Penetration Testing: Extensive TCP/IP, networking, and OS knowledge; advanced knowledge of network and system vulnerabilities and exploits; knowledge of techniques to evade security detection
- Lists of OVAL/CVE identifiers for each possibly vulnerable service/system.
- Examples of live exploits for vulnerabilities where possible.
- A short write up of each vulnerability including how it was identified.
- The cleaned up output from any tests used to identify the vulnerability.
Document Vulnerabilities (per vulnerability)
- Summary - A short (two to three sentence) basic overview of the vulnerability, including a discussion of potential impacts.
- Description - An in-depth (one to three paragraph) overview of the vulnerability.
- Approach - Step-by-step explanation of the methodology used that is tool agnostic.
- Proof - The cleaned up output from tests run to identify the vulnerability.
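To turn raw scan findings into the outputs listed above (per-service CVE/OVAL identifier lists and one documentation record per vulnerability), the following added example, which is not part of SAFETAG itself, parses a constructed CSV export, rejects malformed identifiers, groups the valid ones by host, port and service, and emits a skeleton with the four sections of the per-vulnerability document. The CSV column layout, the placeholder hosts and the placeholder identifiers are all assumptions made for the example.

```python
import csv
import re
from collections import defaultdict

# Constructed sample of cleaned-up scanner output (not real scan data;
# identifiers are placeholders). Layout assumed: host,port,service,identifier,severity
SAMPLE_FINDINGS = """\
host,port,service,identifier,severity
10.0.0.5,443,https,CVE-2099-0001,high
10.0.0.5,443,https,CVE-2099-0001,high
10.0.0.5,22,ssh,oval:example.org:def:1,medium
10.0.0.7,5060,sip,CVE-2099-0002,low
10.0.0.7,5060,sip,NOT-AN-ID,low
"""

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
OVAL_RE = re.compile(r"^oval:[A-Za-z0-9.\-]+:def:\d+$")

def is_valid_identifier(ident: str) -> bool:
    """Accept only well-formed CVE or OVAL definition identifiers."""
    return bool(CVE_RE.match(ident) or OVAL_RE.match(ident))

def group_identifiers(csv_text: str):
    """Return ({(host, port, service): sorted unique ids}, [rejected ids])."""
    groups = defaultdict(set)
    rejected = []
    for row in csv.DictReader(csv_text.splitlines()):
        ident = row["identifier"].strip()
        if not is_valid_identifier(ident):
            rejected.append(ident)   # keep for the write-up, never silently drop
            continue
        groups[(row["host"], int(row["port"]), row["service"])].add(ident)
    return {k: sorted(v) for k, v in groups.items()}, rejected

def document_skeletons(groups):
    """One per-vulnerability record with the four SAFETAG documentation sections."""
    docs = []
    for (host, port, service), idents in sorted(groups.items()):
        for ident in idents:
            docs.append({
                "identifier": ident,
                "affected": f"{host}:{port} ({service})",
                "Summary": "",       # 2-3 sentence overview incl. potential impact
                "Description": "",   # 1-3 paragraph in-depth overview
                "Approach": "",      # tool-agnostic, step-by-step methodology
                "Proof": "",         # cleaned-up output of the identifying tests
            })
    return docs
```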
- Standard: "Vulnerability Analysis - Research Phase" (Penetration Testing Execution Standard)
- Framework: "Vulnerability Assessment" (http://www.vulnerabilityassessment.co.uk)
- Resource: Vulnerability Databases (SAFETAG)
- Database: "Open Sourced Vulnerability Database"
- Database: "CVE Details"
- Database: "Search CVE and CCE Vulnerability Database"
- Database: "Threat Explorer"
- Database: "The Exploit Database"
- Database: "Security Focus Vulnerability Search"
- Poster: "Ultimate Pen Test 2013" (SANS Institute)
- Security Advisories: microsoft_security_bulletin, ind_univ_external_advisories, oss_security_advisories, cert_cc_advisories, security_tracker, mozilla_vulns
- Site: "OWASP ZAP Project Site" (OWASP)
- Guide: "The OWASP Testing Project Guide" (OWASP)
- User Guide: "OWASP Zap User Guide" (Google Code)
- Video Tutorials: "OWASP ZAP Tutorial Videos" (Google Code)
- Guide: "7 Ways Vulnerability Scanners May Harm Website(s) and What To Do About It" (White Hat Sec Blog)
- Article: "14 Best Open Source Web Application Vulnerability Scanners" (InfoSec Institute)
- Project Site: "OpenVAS Project Site" (OpenVAS)
- Manual: "OpenVAS Compendium" (OpenVAS)
- Guide: "Creating OpenVAS 'Only Safe Checks' Policy"
- Guide: "How To Use OpenVAS to Audit the Security of Remote Systems on Ubuntu 12.04" (Digital Ocean)
- Guide: "Getting Started with OpenVAS" (Backtrack Linux)
- Guide: "Setup and Start OpenVAS" (OpenVAS)
- Video Guide: "Setting up OpenVAS on Kali Linux" (YouTube)
- ListServ: "OpenVAS Discussion ListServ" (OpenVAS)
- Comparison: "Nessus, OpenVAS and Nexpose VS Metasploitable" (HackerTarget)
- Guide: "VoIP Security Checklist" (ComputerWorld)
- Overview: "The Vulnerability of VoIP" (Symantec)
- Research: "Researchers find VoIP phones vulnerable to Simple Cyber attacks" (Security Intelligence)
- Tool: "Vsaudit" (Eurialo)
- Overview: "Two attacks against VoIP" (Symantec)
- Overview: "VoIP Analysis Fundamentals" (Wireshark)
- Tool: "Wireshark VoIP Capabilities" (Wireshark)