2.1 Given a scenario, implement vulnerability scanning methods and concepts.
📘CompTIA CySA+ (CS0-003)
This section is very important for the CySA+ exam. You must understand how vulnerabilities are found in applications, systems, and software using different analysis methods.
We will explain everything in simple and clear English so both IT and non-IT learners can understand.
1. Static vs. Dynamic Analysis
These are two major techniques used to identify vulnerabilities in applications.
1.1 Static Analysis (SAST – Static Application Security Testing)
What is Static Analysis?
Static analysis means examining the source code of a program without running it.
The software is analyzed while it is at rest.
Think of it as reviewing the blueprint of a building before construction.
How It Works
Security tools scan:
- Source code (Java, C#, Python, etc.)
- Bytecode
- Compiled code
The tool checks for:
- Insecure coding practices
- Hardcoded passwords
- SQL injection vulnerabilities
- Buffer overflow risks
- Weak encryption use
- Improper input validation
When Is It Used?
- During development
- Before the application is deployed
- As part of Secure Software Development Lifecycle (SDLC)
- In CI/CD pipelines (automated code testing before release)
Advantages of Static Analysis
- Detects vulnerabilities early
- Helps developers fix issues before production
- Does not require the application to run
- Safer because it does not interact with live systems
Limitations of Static Analysis
- Cannot detect runtime issues
- May produce false positives
- Cannot see how the application behaves when running
Exam Tip
If the question says:
- “Code review”
- “Source code analysis”
- “Analyzing software before execution”
- “Secure coding review”
The answer is likely Static Analysis (SAST).
1.2 Dynamic Analysis (DAST – Dynamic Application Security Testing)
What is Dynamic Analysis?
Dynamic analysis means testing an application while it is running.
The application is tested in a live or test environment.
How It Works
The security tool:
- Runs the application
- Sends inputs (normal and malicious)
- Observes outputs
- Monitors system behavior
It checks for:
- Authentication flaws
- Session management issues
- Runtime errors
- Misconfigurations
- Server-side vulnerabilities
When Is It Used?
- After the application is deployed in a test or staging environment
- During penetration testing
- During vulnerability assessments
Advantages of Dynamic Analysis
- Detects runtime issues
- Finds real-world exploitable vulnerabilities
- Tests how the application behaves under attack
Limitations of Dynamic Analysis
- Cannot see internal source code issues
- May miss hidden code paths
- Requires the application to be running
- Can impact performance
Exam Tip
If the question says:
- “Testing running application”
- “Live web application testing”
- “Black-box testing”
- “Observing system behavior during execution”
The answer is likely Dynamic Analysis (DAST).
1.3 Static vs. Dynamic – Key Differences
| Feature | Static Analysis | Dynamic Analysis |
|---|---|---|
| Application running? | No | Yes |
| Looks at source code? | Yes | No |
| Finds runtime issues? | No | Yes |
| Used during development? | Yes | Usually later |
| Type of testing | White-box | Black-box |
2. Reverse Engineering
What Is Reverse Engineering?
Reverse engineering is the process of analyzing compiled software to understand how it works.
It is used when:
- Source code is not available
- Malware needs to be analyzed
- Security vulnerabilities must be discovered
Why Is It Important for CySA+?
Security analysts often:
- Analyze suspicious files
- Investigate malware
- Examine unknown applications
- Understand exploit behavior
How Reverse Engineering Works
Security analysts use tools to:
- Decompile software
- Disassemble binary files
- Inspect assembly code
- Study program logic
- Identify hidden functions
Common goals:
- Discover backdoors
- Find embedded credentials
- Understand malicious behavior
- Identify encryption methods
Types of Reverse Engineering
1. Static Reverse Engineering
- Analyzing the file without running it
- Looking at binary code
- Reviewing strings and instructions
2. Dynamic Reverse Engineering
- Running the program in a controlled environment
- Using a sandbox or virtual machine
- Observing behavior during execution
Where It Is Used in IT Environments
- Malware analysis labs
- Incident response investigations
- Digital forensics
- Vulnerability research
Exam Tip
If the question mentions:
- “Analyzing malware”
- “Disassembling a binary”
- “Understanding unknown executable”
- “Investigating compiled code”
The answer is Reverse Engineering.
3. Fuzzing
What Is Fuzzing?
Fuzzing is a vulnerability testing technique where large amounts of random or unexpected input data are sent to an application to find weaknesses.
It is used to discover:
- Crashes
- Buffer overflows
- Memory leaks
- Input validation errors
- Unexpected behavior
How Fuzzing Works
- A tool generates random or malformed input.
- It sends the input to the application.
- The tool monitors:
- Crashes
- Error messages
- System instability
- Unusual behavior
If the application crashes or behaves strangely, it may indicate a vulnerability.
Types of Fuzzing
1. Dumb Fuzzing
- Sends completely random input
- No understanding of application structure
2. Smart Fuzzing
- Understands application format
- Modifies valid input intelligently
- More effective
3. Mutation-Based Fuzzing
- Takes valid input
- Slightly modifies it
- Sends altered versions
4. Generation-Based Fuzzing
- Creates input from scratch using protocol rules
Where Fuzzing Is Used in IT
- Testing web applications
- API security testing
- Network protocol testing
- Application security testing
- Software development security testing
Advantages of Fuzzing
- Finds unknown vulnerabilities
- Detects memory corruption issues
- Can discover zero-day vulnerabilities
Limitations of Fuzzing
- May generate many irrelevant crashes
- Requires monitoring tools
- Can be time-consuming
- May impact system stability
Exam Tip
If the question says:
- “Sending random input”
- “Malformed data testing”
- “Causing application crash”
- “Testing input validation”
The correct answer is Fuzzing.
How These Concepts Fit Together
| Technique | Used For | Runs Application? | Used In |
|---|---|---|---|
| Static Analysis | Code review | No | Development |
| Dynamic Analysis | Runtime testing | Yes | Testing phase |
| Reverse Engineering | Understanding compiled code | Sometimes | Malware analysis |
| Fuzzing | Input testing | Yes | Security testing |
Important CySA+ Exam Focus Points
You must understand:
✔ Difference between static and dynamic testing
✔ When to use each method
✔ How fuzzing discovers input-related vulnerabilities
✔ How reverse engineering helps analyze malware
✔ That static = before execution
✔ That dynamic = during execution
✔ That fuzzing = random/malformed input testing
Final Summary (Easy Version)
- Static Analysis → Looks at code without running it
- Dynamic Analysis → Tests application while running
- Reverse Engineering → Takes compiled software apart to understand it
- Fuzzing → Sends random or bad input to crash or break the application
If you understand these clearly, you are fully prepared for this part of Domain 2.1 in the CySA+ exam.
