What is a Vulnerability Assessment?
Vulnerability assessment is a testing process used to detect security defects and assign them severity levels within a specific time period. It can combine manual and automated techniques with different degrees of consistency, and places its emphasis on comprehensive coverage. Using a risk-based approach, vulnerability assessments can also target different layers of technology, the most common being network-, host- and application-layer assessments.
Difference between Web Vulnerability Assessment and Network Vulnerability Assessment
With the ongoing growth in technology, hacking attacks are spreading at the same pace and becoming more and more sophisticated. Organizations concerned about their security should treat this as a warning sign and apply security best practices to their web applications in order to safeguard their brand and reputation and to prevent data loss and even financial loss.
When designing a web application, an organization should not only focus on security but also consistently assess the security level of its web applications by employing two key methods:
- Web vulnerability assessment
- Web application penetration testing
A web vulnerability assessment automatically determines deficiencies by crawling the website to discover potential vulnerabilities and then reporting the results. Several open source and commercial vulnerability scanning tools are available to help execute this task. A comprehensive vulnerability assessment shares most of its process steps with a penetration test; however, there is a large difference in the results the two deliver.
Web application penetration testing is performed more rigorously, employing both automated and manual methods such as interactive tools and scripts and following an established methodology. In a penetration test, vulnerabilities are not only detected; an attempt is also made to exploit them.
A penetration test consists of reconnaissance, mapping, discovery and the subsequent exploitation of vulnerabilities. As discussed above, vulnerability assessments and penetration tests follow almost the same process, since both begin with the first three of these phases:
- Reconnaissance
This phase involves collecting information about the web application via indirect and direct means, such as examining web search results, DNS records and other available information.
- Mapping
This phase deals with downloading the website and detecting deficiencies in the web server and software configuration.
- Discovery
This phase discovers vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), information leakage and Cross-Site Request Forgery (CSRF). A vulnerability assessment is complete at this stage, but a penetration test takes the process one phase further.
- Exploitation
In this phase, attempts are made to exploit the detected vulnerabilities in order to simulate real-world attacks.
Given below is a list of the most dangerous vulnerabilities one could encounter:
- Remote File Inclusion
A remote file inclusion takes place when a file from a remote server is inserted into a web page. This can be done on purpose in order to display content from another website. However, the same mechanism becomes an attack when the programming language runtime is misconfigured to allow remote includes and an attacker supplies the file to be included.
- ASP Code Injection
This vulnerability permits an attacker to inject custom code into the server-side scripting engine. It arises when an attacker controls part or all of an input string that is passed to an eval() statement, which results in code execution.
- SQL Injection
This attack uses application code to access or corrupt database content. It is carried out through a web request in which user input is incorrectly filtered for string-literal escape characters that can be embedded in SQL statements, or is not properly sanitized or typed, so that the input is interpreted and executed as SQL.
- Cross Site Scripting (XSS)
In an XSS attack, malicious HTML or client-side script is injected into web pages viewed by other users, bypassing the same-origin controls browsers use to keep content from one domain isolated from another. Through XSS an attacker can thus gain access to session cookies, confidential page content and other client-side objects.
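The root cause of XSS is untrusted data being written into a page as markup instead of as text. The following added example (not code from the original article or from any product it names) renders a constructed comment fragment two ways: by substituting the values directly, and by HTML-escaping them first so that a browser treats them as text in both a text node and an attribute value. The template and the values are constructed for the example.

```python
import html

# Constructed page fragment with two untrusted insertion points:
# an attribute value (author) and a text node (body).
COMMENT_TEMPLATE = '<p class="comment" data-author="{author}">{body}</p>'


def render_vulnerable(template, values):
    """Substitutes untrusted values straight into the markup."""
    return template.format(**values)


def render_safe(template, values):
    """Escapes every value before substitution. quote=True also rewrites
    quote characters, which matters inside attribute values."""
    escaped = {k: html.escape(str(v), quote=True) for k, v in values.items()}
    return template.format(**escaped)


def markup_survived(rendered, payload):
    """True if the raw payload reached the output unchanged."""
    return payload in rendered


if __name__ == "__main__":
    # Constructed inputs: one aimed at the text node, one at the attribute.
    untrusted = {
        "author": 'x" onmouseover="alert(1)',
        "body": "<script>alert(1)</script>",
    }
    print(render_vulnerable(COMMENT_TEMPLATE, untrusted))
    print(render_safe(COMMENT_TEMPLATE, untrusted))
```

Escaping at output time is the general fix; where a template engine is used, its auto-escaping should be left enabled and the raw/`safe` filters reserved for markup that is known to be trusted.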
- Full Path Disclosure (FPD)
This vulnerability lets an attacker see the filesystem path to the web root or to a file, e.g. /home/omg/htdocs/file/. Some attacks, such as using load_file() inside a SQL injection to read page source, require the attacker to know the full path of the file they want to view.
- Directory Traversal
This is a type of HTTP exploit used by attackers to gain unauthorized access to restricted files and directories. Also referred to as path traversal, a directory traversal attack exploits insufficient validation in web server software to reach files and directories stored outside the web root folder.
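The defensive counterpart to directory traversal is resolving a requested path and confirming it still lies under the web root before opening it. The following added example (not code from the original article or from any product it names) does that with a constructed temporary web root; the helper names and the sample request strings are the author's assumptions for illustration. It percent-decodes the request before checking, since the check must run on the form the filesystem will actually see.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote


def resolve_under_root(web_root, requested):
    """Returns the resolved Path for `requested` if it stays inside web_root,
    otherwise None. resolve() collapses '..' segments and follows symlinks,
    so the comparison is made on the final filesystem location."""
    root = Path(web_root).resolve()
    # Decode percent-encoding first so that an encoded '..' cannot pass the
    # check and then be decoded later by another layer.
    cleaned = unquote(requested).lstrip("/")
    candidate = (root / cleaned).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        return None
    return candidate


def classify_requests():
    """Builds a constructed web root in a temp dir and reports, per request,
    whether it would be served (True) or refused (False)."""
    requests = [
        "index.html",                     # plain file under the root
        "/index.html",                    # leading slash is relative to root
        "../../etc/passwd",               # classic traversal
        "%2e%2e/%2e%2e/etc/passwd",       # percent-encoded traversal
        "css/../index.html",              # '..' that stays inside the root
    ]
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text("<h1>constructed page</h1>")
        return {r: resolve_under_root(root, r) is not None for r in requests}


if __name__ == "__main__":
    for request, allowed in classify_requests().items():
        print(f"{'serve ' if allowed else 'refuse'}  {request}")
```

Note that the check is on the resolved location, not on the presence of `..` in the string: a request such as `css/../index.html` is allowed because it ends inside the root, while both the plain and the encoded traversal are refused.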
Vulnerability Scanning Tools
Some of the commonly used vulnerability assessment tools include:
- Comodo cWatch Web
This web security tool is a Managed Security Service suited to websites and applications. One of its key features is vulnerability scanning for online merchants, businesses and other service providers that handle credit cards online. It provides a simple and automated way to stay compliant with the Payment Card Industry Data Security Standard (PCI DSS). The Comodo Security Information and Event Management (SIEM) processes vulnerability information from web, application and network vulnerability scanners. The Comodo Web Application Firewall (WAF) that comes with this vulnerability assessment tool is also capable of eliminating application vulnerabilities and protecting web applications and websites against advanced attacks such as SQL Injection, Cross-Site Scripting and Distributed Denial-of-Service (DDoS). The WAF thus combines vulnerability scanning, malware scanning and automatic virtual patching and hardening engines.
- Acunetix WVS
This vulnerability assessment scanner comes with SQL injection and XSS black box scanning technology. It automatically crawls websites and executes black box and grey box hacking techniques that detect dangerous vulnerabilities capable of compromising your website and sensitive data.
- AppSpider
This vulnerability scanner helps collect all the information required for testing your applications so that you are not left with gaping application risks. AppSpider lets you scan the newest applications and prepares you for whatever comes next.
This web application scanner detects specific vulnerabilities in your website. It is simple software designed for scanning small websites such as forums and personal sites.
This is an Open Source (GPL) web server scanner that carries out comprehensive tests against web servers for multiple items and also checks for outdated server versions. It can also check server configuration items such as the presence of multiple index files and HTTP server options.