Vulnerability Assessment on private networks and websites
Project Supervisor:- Sudesh Kumar
Ankit Kumar
2012ECS16
Internship Details
I am doing my internship with Berry9IT services Hyderabad. There I work as a security analyst.
Work
- Perform vulnerability assessment(VAPT)
- Monitoring of networks
- sometimes take classes
- Making own vulnerability assessment tool in python
Projects
- Completed the Audit of https://www.isecurepayments.com/iSecurePayment/
Reported 37 issues, 18 are High level Vulnerability
- Network monitoring :- CHIREC International - The school
Work to configure VPN and Monitor the whole network using NESSUS and generate the report on every week.
- Take classes :- Last time I take online class of one US client on Webinspect vulnerability Assessment
- Working on vulnerability assessment tool in python
Vunerability Assessment
vulnerability assessment, is a process that defines, identifies, and classifies the security holes (vulnerabilities) in a computer, network, or communications infrastructure.
Tools and technology I have used for VAPT
Nmap:- Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Features
•Host discovery
•Port scanning
•Version detecting
•OS detection
•Scriptable interaction with the target
Tool Environment
•Runs on Linux, Windows, Mac OS X and other smaller operating systems
•GUI options:
•Zenmap
•XNMap
•NmapFE
How It Works
•DNS lookup- matches name with IP
•NMap pings the remote target with 0 byte packets to each port
•If packets are not received back, port is open
•If packets are received, port is closed
•Sends different packets with different timing to determine filtered/unfiltered, version, etc.
•Firewalls can interfere with this process
Basic NMAP scans
•When run through command prompt or terminal, entry fields are:
•Program
•Constraints on run
•Target
•Ex. > nmap –sS scanme.nmap.org
•Ex. > nmap -Db ftp.pathetic.net secret.pathetic.net
Ethical Issues
•Can be used for hacking- to discover vulnerable ports
•System admins can use it to check that systems meet security standards
•Unauthorized use of Nmap on a system could be illegal. Make sure you have permission before using this tool
2. Nessus
Nessus is a proprietary comprehensive[clarification needed] vulnerability scanner which is developed by Tenable Network Security.
Operation
Nessus allows scans for the following types of vulnerabilities:
- Vulnerabilities that allow a remote hacker to control or access sensitive data on a system.
- Misconfiguration (e.g. open mail relay, missing patches, etc.).
- Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
- Denials of service against the TCP/IP stack by using malformed packets
- Preparation for PCI DSS audits
3. WebInspect
Vulnerability assessment tool
- It will be written in python
- How it will work:- Only you have to enter the link and click on Assessment button. Then the application will work in two major part
1. Crawl
2. Audit
- Crawl:- Crawling is the process by which my application will build the tree structure of the entire website by traversing every possible link on that site. It will check for all possible url in every page.
- Audit:- Auditing is the process of performing attacks to assess the vulnerabilities. In a
Major vulnerability it will check
- Sql injection:- SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
1. Authentication Bypass
2. Union based method
3. Error based method
4. Firewall Bypass
-
XSS:- Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
- CSRF:-Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user’s Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. The impact of a successful cross-site request forgery attack is limited to the capabilities exposed by the vulnerable application. For example, this attack could result in a transfer of funds, changing a password, or purchasing an item in the user's context. In effect, CSRF attacks are used by an attacker to make a target system perform a function (funds Transfer, form submission etc.) via the target's browser without knowledge of the target user, at least until the unauthorized function has been committed