Chapter 7. Vulnerability Mapping

Vulnerability Mapping

Vulnerability mapping is an activity carried out to identify security flaws which can result in the compromise of a system. It is sometimes referred to as vulnerability assessment.

Types of Vulnerability
Vulnerabilities are classified into 3 categories (design, implementation and operational); a vulnerability is also described as local or remote, depending on the access needed to trigger it:

  • Design Vulnerabilities – Vulnerabilities found in the software or protocol specifications.
  • Implementation Vulnerabilities – Vulnerabilities found in the code (e.g. error handling, exceptions, etc.).
  • Operational Vulnerabilities – Vulnerabilities found due to improper configuration and deployment of the target in an environment.
  • Local Vulnerability – The attacker needs local access to trigger the vulnerability in the target. Usually used to escalate privileges.
  • Remote Vulnerability – The attacker does not need local access to trigger and exploit the vulnerability in the target.

Vulnerability Mapping Tools
Many tools are available to perform vulnerability mapping. OpenVAS, sqlmap, Metasploit and Burp Suite are examples of good tools for performing a successful vulnerability mapping.

  • Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.
  • OpenVAS is a comprehensive vulnerability assessment system that can detect security issues in all manner of servers and network devices. Use this hosted version of the OpenVAS software to easily test your Internet infrastructure.
  • sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, through fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Burp Suite Tools

  • Use openssl req to generate server.key and certificate.der.
    Give the certificate a validity of up to 730 days.
  • Import the generated keys into Burp Suite.
    server.key and certificate.der
  • Import the key into the preferences section of the browser (Firefox).
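
The generation step above, written out as an added example (not part of the original chapter): it creates server.key and certificate.der with openssl req for 730 days, then checks the pair before anything is imported. The certificate subject, the output directory and the extra server.key.pkcs8.der file are assumptions; the PKCS#8 DER copy is there because the proxy's import dialog is assumed to want a DER-encoded key rather than the PEM file openssl req writes.

```shell
#!/bin/sh
# Added example: build and verify the key/certificate pair named in the steps above.
set -eu

DAYS=730   # validity stated in the steps above

# make_burp_ca DIR: write server.key (PEM), server.key.pkcs8.der and
# certificate.der (DER) into DIR.
make_burp_ca() {
    dir=$1
    mkdir -p "$dir"
    (
        umask 077   # private key files readable by the owner only
        cd "$dir"
        # Self-signed certificate in DER form plus an unencrypted RSA key in PEM form.
        openssl req -x509 -newkey rsa:2048 -nodes -days "$DAYS" \
            -subj "/CN=Lab Interception CA (constructed)" \
            -keyout server.key -outform der -out certificate.der
        # DER-encoded PKCS#8 copy of the key (assumed import format, see lead-in).
        openssl pkcs8 -topk8 -nocrypt -inform pem -in server.key \
            -outform der -out server.key.pkcs8.der
    )
}

# cert_fingerprint DIR: SHA-256 fingerprint to compare with what the browser
# shows after the import.
cert_fingerprint() {
    openssl x509 -inform der -in "$1/certificate.der" -noout -fingerprint -sha256
}

# key_matches_cert DIR: succeed only if key and certificate share one public key.
key_matches_cert() {
    a=$(openssl x509 -inform der -in "$1/certificate.der" -noout -pubkey)
    b=$(openssl pkey -inform der -in "$1/server.key.pkcs8.der" -pubout)
    [ "$a" = "$b" ]
}

# valid_for_days DIR N: succeed if the certificate is still valid N days from now.
valid_for_days() {
    openssl x509 -inform der -in "$1/certificate.der" -noout \
        -checkend $(( $2 * 86400 )) >/dev/null
}

# Usage: make_burp_ca ./burp-ca && key_matches_cert ./burp-ca && cert_fingerprint ./burp-ca
```

The browser's certificate store takes only certificate.der; server.key stays with the proxy, and anyone holding it can issue certificates that a browser trusting this CA will accept.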
