Vulnerabilities and Exploits
What is a Security Vulnerability?
A security vulnerability is a weakness an adversary could take advantage of to compromise the confidentiality, availability, or integrity of a resource.
In this context, a weakness is either an implementation flaw or an unintended security implication of a design choice. For instance, being able to write past a buffer's boundaries introduces a buffer overflow vulnerability. Notable examples of vulnerabilities are Heartbleed, Shellshock (Bash) and POODLE.
Public Vulnerability Repositories
Zero-day vulnerabilities are vulnerabilities that have not been publicly disclosed and are known only to a limited circle. By contrast, several public vulnerability repositories give interested parties easy access to information about known vulnerabilities; the most prominent are CVE, NVD and OVAL. CVE has established a referencing system in which each registered vulnerability receives a CVE identifier (CVE-ID). A CVE entry usually includes a brief description of the vulnerability and sometimes references to advisories, mitigation measures and reports.
Vulnerability Management
Vulnerability management identifies, classifies, evaluates, and mitigates vulnerabilities. IT security professionals perform the vulnerability management process in an organised and timely manner by following the steps described below:
Preparation: Define the scope of the vulnerability management process.
Vulnerability Scanning: Vulnerability scanners are automated tools that scan a system for known security vulnerabilities and produce a report of all identified vulnerabilities sorted by severity. Well-known vulnerability scanners are Nexpose, Nessus and OpenVAS.
Identification, Classification and Evaluation of the Vulnerabilities: The report produced by the vulnerability scanner is reviewed, and each identified vulnerability is classified and evaluated.
Remediating Actions: The asset owner determines which of the vulnerabilities will be mitigated.
Rescan: Once the remediating actions are completed, a rescan is performed to verify their effectiveness.
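The five steps above, together with the CVE-ID referencing system described earlier, are illustrated by the following added example (it is not part of the original article and does not model any particular scanner's output). It validates CVE-ID syntax (the "CVE-" prefix, a four-digit year and a sequence number of at least four digits), triages a constructed scan report into CVSS v3 severity bands, records the asset owner's remediation decision as a severity cut-off, and compares a constructed rescan against that plan to tell effective fixes from unresolved findings. All hostnames and CVE-IDs are constructed placeholders, not real identifiers.

```python
import re
from dataclasses import dataclass

# CVE-ID syntax: "CVE-" + four-digit year + "-" + sequence number of at least
# four digits (sequence numbers may be longer than four digits since 2014).
CVE_ID_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def is_valid_cve_id(cve_id: str) -> bool:
    """Return True if the string is syntactically a CVE identifier."""
    return CVE_ID_RE.fullmatch(cve_id) is not None


@dataclass(frozen=True)
class Finding:
    host: str     # asset the scanner reported the vulnerability on
    cve_id: str   # identifier the scanner attached to the finding
    cvss: float   # CVSS base score, 0.0 to 10.0


def severity(cvss: float) -> str:
    """Map a CVSS base score to the CVSS v3 qualitative severity band."""
    if cvss == 0.0:
        return "None"
    if cvss < 4.0:
        return "Low"
    if cvss < 7.0:
        return "Medium"
    if cvss < 9.0:
        return "High"
    return "Critical"


SEVERITY_ORDER = ["None", "Low", "Medium", "High", "Critical"]


def triage(findings):
    """Steps 2-3: drop findings with malformed identifiers (they cannot be
    cross-referenced against CVE/NVD) and group the rest by severity,
    highest score first within each band."""
    accepted = sorted((f for f in findings if is_valid_cve_id(f.cve_id)),
                      key=lambda f: f.cvss, reverse=True)
    rejected = [f for f in findings if not is_valid_cve_id(f.cve_id)]
    grouped = {}
    for f in accepted:
        grouped.setdefault(severity(f.cvss), []).append(f)
    return grouped, rejected


def plan_remediation(grouped, min_severity="High"):
    """Step 4: the asset owner decides what gets mitigated; here the decision
    is expressed as 'everything at or above this band', most severe first."""
    cutoff = SEVERITY_ORDER.index(min_severity)
    return [f for band in reversed(SEVERITY_ORDER[cutoff:])
            for f in grouped.get(band, [])]


def verify_rescan(planned, rescan):
    """Step 5: a planned remediation counts as effective only if the same
    (host, CVE-ID) pair is absent from the rescan report."""
    still_present = {(f.host, f.cve_id) for f in rescan}
    fixed = [f for f in planned if (f.host, f.cve_id) not in still_present]
    unresolved = [f for f in planned if (f.host, f.cve_id) in still_present]
    return fixed, unresolved


# Constructed scan report (placeholder hosts and CVE-IDs, not real ones).
INITIAL_SCAN = [
    Finding("web-01", "CVE-9999-0001", 9.8),
    Finding("web-01", "CVE-9999-0002", 5.3),
    Finding("db-01", "CVE-9999-0003", 7.5),
    Finding("db-01", "CVE-9999-0004", 2.1),
    Finding("db-01", "CVE-9999-12", 8.0),   # malformed identifier, rejected
]

# Constructed rescan after remediation: one planned fix did not take effect.
RESCAN = [
    Finding("web-01", "CVE-9999-0002", 5.3),
    Finding("db-01", "CVE-9999-0003", 7.5),
    Finding("db-01", "CVE-9999-0004", 2.1),
]


def run_example():
    """Run the whole cycle on the constructed data and summarise the outcome."""
    grouped, rejected = triage(INITIAL_SCAN)
    planned = plan_remediation(grouped, "High")
    fixed, unresolved = verify_rescan(planned, RESCAN)
    return {
        "rejected_ids": [f.cve_id for f in rejected],
        "by_severity": {band: [f.cve_id for f in fs] for band, fs in grouped.items()},
        "planned": [f.cve_id for f in planned],
        "fixed": [f.cve_id for f in fixed],
        "unresolved": [f.cve_id for f in unresolved],
    }


if __name__ == "__main__":
    for key, value in run_example().items():
        print(f"{key}: {value}")
```

The rescan comparison keys on the (host, CVE-ID) pair rather than on the identifier alone, because the same vulnerability remediated on one asset may remain open on another; a finding that survives the rescan goes back to the remediation step rather than being closed.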
Penetration Testing
Penetration testing is the assessment of the security of a system against different types of attacks, performed by an authorised security expert. The tester attempts to identify and exploit the system's vulnerabilities. The difference between a penetration test and an actual attack is that the former is carried out by a tester who has permission to assess the security of the system and expose its weaknesses. In addition, the tester is given defined boundaries within which to operate.
There is some public confusion between penetration testing and vulnerability scanning. The two actually complement each other: vulnerability scanning is typically one of the first steps of a penetration test.
What is an Exploit?
An exploit is the specially crafted code adversaries use to take advantage of a certain vulnerability and compromise a resource.
Exploit Kits
Exploit Kits are tools embedded in compromised web pages that automatically scan a visitor's machine for vulnerabilities and attempt to exploit them. If an exploit succeeds, the kit installs malware on the visitor's system. Particularly alarming for information security professionals is that the ease of use and friendly interfaces of Exploit Kits allow non-expert users to deploy them as well.
Figure 1. Source: Manufacturing Compromise: The Emergence of Exploit-as-a-Service