Identification: scans, static/dynamic analysis, threat feeds (OSINT, proprietary, dark web), penetration testing, bug bounties, audits

4.1 Vulnerability management

📘CompTIA Security+ (SY0-701)


Vulnerability Management: Identification

Purpose:
The goal of vulnerability management is to find weaknesses in your IT environment before attackers do. Identification is the first step: knowing what vulnerabilities exist so you can fix them.


1. Scans

Definition: Scanning is using automated tools to check your systems, networks, and applications for weaknesses.

Types of scans:

  1. Network Vulnerability Scans:
    • Look for open ports, outdated software, weak configurations, and missing patches.
    • Tools: Nessus, OpenVAS, Qualys.
  2. Host-based Scans:
    • Check individual servers or workstations for vulnerabilities in software, OS, or settings.
    • Example: A Windows server missing the latest security patch.
  3. Application Scans:
    • Test web apps or mobile apps for known vulnerabilities like SQL injection or cross-site scripting (XSS).
    • Tools: Burp Suite, OWASP ZAP.

Why important: Scans provide a list of known vulnerabilities and are repeatable to track progress over time.


2. Static and Dynamic Analysis

These are methods of analyzing code to find vulnerabilities in applications.

  1. Static Application Security Testing (SAST):
    • Examines source code without running the program.
    • Finds vulnerabilities like hardcoded passwords, buffer overflows, or insecure functions.
    • Tools: SonarQube, Fortify.
    • Example: Detecting a function that allows attackers to access admin privileges.
  2. Dynamic Application Security Testing (DAST):
    • Tests the application while it’s running.
    • Finds issues like authentication bypasses, runtime errors, or input validation flaws.
    • Tools: OWASP ZAP, Burp Suite.
    • Example: Sending malicious input to see if the app exposes sensitive data.

Why important: Static checks catch code problems early; dynamic tests show real-world exploitable weaknesses.
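As an added illustration of the SAST idea above (this is example code written for these notes, not a tool from the page), a minimal rule-based static checker: it reads source text line by line and flags the patterns the section lists (hardcoded credentials, insecure functions) without ever executing the program. The rule set, the `Finding` type and the sample source are all constructed for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample source file for the checker to inspect; it is never run.
SAMPLE_SOURCE = """\
import subprocess
DB_PASSWORD = "hunter2"
def run(cmd):
    return subprocess.call(cmd, shell=True)
def greet(name):
    return eval("'hello ' + name")
def safe_lookup(user):
    return {"alice": 1}.get(user)
"""

@dataclass
class Finding:
    line: int
    rule: str
    severity: str
    snippet: str

# Hypothetical rule set: (rule id, severity, regex). Each pattern is applied
# to the text only, which is what distinguishes SAST from DAST.
RULES = [
    ("hardcoded-credential", "high",
     re.compile(r'(?i)(password|passwd|secret|api_?key)\w*\s*=\s*["\'][^"\']+["\']')),
    ("insecure-eval", "high", re.compile(r'\beval\s*\(')),
    ("shell-true", "medium", re.compile(r'shell\s*=\s*True')),
]

def scan_source(source: str) -> list[Finding]:
    """Run every rule over every line and return the findings in line order."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for rule_id, severity, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(lineno, rule_id, severity, line.strip()))
    return findings

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f.line:>3} [{f.severity}] {f.rule}: {f.snippet}")
```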


3. Threat Feeds

Threat feeds are sources of information about current security threats and vulnerabilities. They help organizations stay aware of risks.

Types of threat feeds:

  1. OSINT (Open Source Intelligence):
    • Publicly available information about vulnerabilities.
    • Sources: Security blogs, mailing lists, forums, and vulnerability databases like CVE.
  2. Proprietary Feeds:
    • Paid feeds from security vendors that provide curated threat intelligence.
    • Examples: FireEye, Palo Alto Networks Threat Intelligence.
  3. Dark Web Feeds:
    • Information from hacker forums and illegal marketplaces.
    • Shows emerging threats before they are widely exploited.

Why important: Helps prioritize which vulnerabilities are most critical and likely to be attacked.
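To show how a feed is used for prioritization rather than just awareness, here is an added example (not from the page): scan output (which software and version each host runs) is joined against feed advisories, and matches are ranked with known-exploited issues first and then by CVSS score. The advisory records, the `CVE-XXXX-...` placeholder ids and the scan inventory are all constructed, not real data.

```python
from dataclasses import dataclass

@dataclass
class Advisory:
    cve: str            # placeholder id, not a real CVE number
    product: str
    fixed_in: tuple     # first version that contains the fix
    cvss: float
    known_exploited: bool

# Constructed feed records with placeholder identifiers.
FEED = [
    Advisory("CVE-XXXX-0001", "openssh", (9, 8), 7.5, True),
    Advisory("CVE-XXXX-0002", "nginx", (1, 25), 5.3, False),
    Advisory("CVE-XXXX-0003", "openssh", (9, 9), 9.8, False),
    Advisory("CVE-XXXX-0004", "postgres", (16, 3), 8.8, True),
]

# Constructed scan inventory: (host, product, installed version).
SCAN_RESULTS = [
    ("web01", "nginx", (1, 24)),
    ("web01", "openssh", (9, 6)),
    ("db01", "postgres", (16, 4)),
    ("db01", "openssh", (9, 8)),
]

def affected(installed: tuple, fixed_in: tuple) -> bool:
    """A host is affected when its version is older than the fixed version."""
    return installed < fixed_in

def prioritize(scan, feed):
    """Join the scan inventory with the feed and rank the matches."""
    matches = []
    for host, product, version in scan:
        for adv in feed:
            if adv.product == product and affected(version, adv.fixed_in):
                matches.append((host, adv))
    # Known-exploited first, then highest CVSS; sort is stable for ties.
    matches.sort(key=lambda m: (not m[1].known_exploited, -m[1].cvss))
    return matches

if __name__ == "__main__":
    for host, adv in prioritize(SCAN_RESULTS, FEED):
        flag = "EXPLOITED" if adv.known_exploited else "         "
        print(f"{flag} {adv.cvss:>4} {host:<6} {adv.product:<9} {adv.cve}")
```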


4. Penetration Testing (Pen Testing)

Definition: Ethical hackers simulate real attacks to find weaknesses.

How it works:

  1. Testers try to exploit vulnerabilities in networks, servers, or apps.
  2. They provide a report with findings and recommendations.

Tools used: Metasploit, Nmap, Kali Linux tools.

Why important: Pen testing goes beyond automated scans, showing real attack paths.


5. Bug Bounties

Definition: Programs where external security researchers are rewarded for reporting vulnerabilities.

Key points:

  • Companies invite ethical hackers to test their software.
  • Rewards depend on severity of the vulnerability.
  • Example: A researcher finds a critical bug in a web application and reports it for a monetary reward.

Why important: Bug bounties provide continuous external testing and uncover issues internal teams might miss.


6. Audits

Definition: Formal review of systems, configurations, and policies to ensure compliance and security.

Types of audits:

  1. Internal audits: Conducted by in-house IT or security teams.
  2. External audits: Conducted by third-party organizations.
  3. Compliance audits: Check whether the organization meets standards like PCI DSS, ISO 27001, or HIPAA.

Why important: Audits can reveal policy violations, misconfigurations, and missing patches that automated tools might not detect.


Summary Table: Identification Methods

| Method | What it Does | Example Tools | Why Important |
|---|---|---|---|
| Scans | Automates checking for known vulnerabilities | Nessus, OpenVAS | Quickly identifies outdated software, open ports, and misconfigurations |
| Static Analysis | Checks source code for weaknesses | SonarQube, Fortify | Detects coding mistakes before software runs |
| Dynamic Analysis | Tests running applications | OWASP ZAP, Burp Suite | Finds vulnerabilities visible during execution |
| Threat Feeds | Provides intelligence on current threats | CVE, FireEye, dark web feeds | Helps prioritize vulnerabilities based on real-world attacks |
| Penetration Testing | Simulates attacks | Metasploit, Nmap | Reveals exploitable vulnerabilities and attack paths |
| Bug Bounties | Rewards external testers for finding bugs | HackerOne, Bugcrowd | Provides continuous external testing |
| Audits | Reviews systems for compliance/security | Internal & external auditors | Detects misconfigurations, policy violations, and gaps |

Exam Tips:

  • Know the difference between SAST and DAST.
  • Remember that scans are automated, while pen tests simulate real attacks.
  • Understand the threat feed types: OSINT (public), proprietary (paid), dark web (hidden).
  • Audits and bug bounties are more manual but provide unique insights.
