Vulnerability Assessment And Penetration Testing

Vulnerability Assessment and Penetration Testing (VAPT) are two types of vulnerability testing. The tests have different strengths and are often combined to achieve a more complete vulnerability analysis. In short, Penetration Testing and Vulnerability Assessments perform two different tasks, usually with different results, within the same area of focus.

Vulnerability assessment tools discover which vulnerabilities are present, but they do not differentiate between flaws that can be exploited to cause damage and those that cannot. Vulnerability scanners alert companies to the preexisting flaws in their code and where they are located. Penetration tests attempt to exploit the vulnerabilities in a system to determine whether unauthorized access or other malicious activity is possible and identify which flaws pose a threat to the application. Penetration tests find exploitable flaws and measure the severity of each. A penetration test is meant to show how damaging a flaw could be in a real attack rather than find every flaw in a system. Together, penetration testing and vulnerability assessment tools provide a detailed picture of the flaws that exist in an application and the risks associated with those flaws.

 

Features and Benefits of VAPT

Vulnerability Assessment and Penetration Testing (VAPT) provides enterprises with a more comprehensive application evaluation than any single test alone. Using the Vulnerability Assessment and Penetration Testing (VAPT) approach gives an organization a more detailed view of the threats facing its applications, enabling the business to better protect its systems and data from malicious attacks. Vulnerabilities can be found in applications from third-party vendors and internally made software, but most of these flaws are easily fixed once found. Using a VAPT provider enables IT security teams to focus on mitigating critical vulnerabilities while the VAPT provider continues to discover and classify vulnerabilities.

Vulnerability Assessment and Penetration Testing and Compliance Requirements

Compliance is a major undertaking, whether it is PCI, FISMA or any other. Veracode’s service allows companies to meet their compliance requirements faster and more effectively. The Veracode platform finds flaws that could damage or endanger applications in order to protect internal systems, sensitive customer data and company reputation. Having a system in place to test applications during development means that security is being built into the code rather than retroactively achieved through patches and expensive fixes.

How Veracode Accommodates VAPT

Veracode’s platform combines both Vulnerability Assessment and Penetration Testing (VAPT) methods. By doing so, Veracode provides both a full list of the flaws found and a measurement of the risk posed by each flaw. Veracode performs both dynamic and static code analysis to not only find flaws in code but also to determine if there are any missing functionalities whose absence could lead to security breaches. For example, Veracode can determine whether sufficient encryption is employed and whether a piece of software contains any application backdoors through hard-coded user names or passwords. Veracode's binary scanning approach produces more accurate testing results using methodologies developed and continually refined by a team of world-class experts. Veracode returns fewer false positives, allowing penetration testers and developers to spend more time remediating problems and less time sifting through non-threats.

Veracode has developed an automated, on-demand, application security testing solution. With Veracode, companies no longer need to buy expensive vulnerability assessment software, train developers and QA personnel on how to use it, or spend time and money to constantly update it. The Veracode platform is dynamically updated and upgraded, meaning users reap the latest benefits every time they log in.

 

https://blog.csdn.net/weixin_41686586/article/details/113799961

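Basic concepts:
Vulnerability scanning: a check of a target system's security weaknesses carried out by scanning and similar means, based on a vulnerability database (which means it can only detect vulnerabilities that are already in that database). There are many scanning tools; commonly used ones include Nessus and AWVS. Many security vendors in China have their own scanning tools, for example NSFOCUS (绿盟). A vulnerability scan can discover the configuration, ports, network services and server details of a remote network or host. Vulnerability scanning cannot find certain logic flaws.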


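Penetration testing: a method of evaluating the security of a target system by simulating the attack methods of a malicious hacker. The process includes active analysis of any weaknesses, technical defects or vulnerabilities in the system, carried out from a position an attacker might occupy and from which security vulnerabilities can be actively exploited. Penetration testing can uncover management weaknesses or logic flaws: for example, having learned that the password of one server is ABC123, the tester may try that password to log in to other servers or business systems. A vulnerability scan cannot do this; the penetration process involves a great deal of hacker thinking.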

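How they work:
Vulnerability scanning: finds vulnerabilities that already exist in network devices, such as firewalls, routers, servers and various applications. The process is automated and mainly targets potential and known vulnerabilities at the network or application layer. Scanning does not involve exploiting vulnerabilities. It is generally an automated tool processing a large number of assets, so its scope is larger than that of a penetration test. The scan report is also generated automatically.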
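The database-driven matching described above, as an added example that is not part of the original article: the scanner compares what it observes against known advisories and exploits nothing. All hosts, product names, versions and advisory IDs are constructed.

```python
# Added illustration: database-driven matching, the core of a vulnerability scan.
# Every host, product, version and advisory ID below is a constructed sample.
from collections import Counter

# Constructed advisory database: product -> [(advisory id, first fixed version, severity)].
ADVISORIES = {
    "exampled": [("EXAMPLE-0001", "2.4.10", "high"), ("EXAMPLE-0002", "2.2.0", "low")],
    "samplessh": [("EXAMPLE-0003", "8.1", "medium")],
}

# Constructed inventory, as a scanner would collect it from service banners.
INVENTORY = [
    ("192.0.2.5", 80, "exampled/2.4.9"),
    ("192.0.2.5", 22, "samplessh/8.1"),
    ("192.0.2.7", 80, "exampled/2.1.3"),
    ("192.0.2.9", 8080, "inhouse-app/1.0"),  # product absent from the database
    ("192.0.2.9", 22, "samplessh"),          # banner hides the version
]

def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10) so that 2.4.10 sorts after 2.4.9."""
    return tuple(int(part) for part in text.split("."))

def scan(inventory, advisories):
    """Return (findings, unassessed). Only versions are compared; nothing is exploited."""
    findings, unassessed = [], []
    for host, port, banner in inventory:
        product, _, version = banner.partition("/")
        if product not in advisories or not version:
            # No database entry or no version: the scan has nothing to match on.
            unassessed.append((host, port, banner))
            continue
        for adv_id, fixed_in, severity in advisories[product]:
            if parse_version(version) < parse_version(fixed_in):
                findings.append((host, port, adv_id, severity))
    return findings, unassessed

def severity_summary(findings):
    """Count findings per severity, the usual headline of a scan report."""
    return dict(Counter(severity for _, _, _, severity in findings))

if __name__ == "__main__":
    found, skipped = scan(INVENTORY, ADVISORIES)
    for row in found:
        print("FINDING", row)
    for row in skipped:
        print("NOT ASSESSED", row)
    print(severity_summary(found))
```

A host with no findings only means nothing in the database matched; the password reused across servers in the article's example would never appear in this output.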

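Penetration testing: requires testers to use different tools to try to exploit existing vulnerabilities in combination, or to discover unknown ones. In the early stage the attack also draws on vulnerability scan results. Commonly used tools include Kali, BurpSuite and Sqlmap. A penetration test ultimately has to verify that a vulnerability exists and is exploitable, that is, that the tester, like a hacker, can in the end obtain privileges on the target system or the data on it. The penetration test report also has to be written by hand.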

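Impact on the target:
Vulnerability scanning: locates and quantifies all of a system's vulnerabilities in a non-intrusive way and generally has no impact on the target system, meaning that it does not affect normal business operation.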

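Penetration testing: is intrusive to some degree. It attempts to attack the real production environment using various technical means and may cause some damage or leave behind some superfluous test files. (This is why the client generally has to authorize the work before a penetration test begins.)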

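Penetration tests come in white-box, black-box and gray-box forms. In a black-box test, for example, the tester first has to find the target's assets on their own, for instance by enumerating subdomains, brute-forcing sensitive directories and scanning ports. How much information is gathered at this early stage determines how far the later penetration goes.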

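Time cost:
Vulnerability scanning: the process is automated, focuses on potential and known vulnerabilities at the network or application layer, and does not involve exploitation. It can be carried out without much specialist knowledge.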

Scanning process: enter the scan scope -> finish and output the report.

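Penetration testing: often exploits new vulnerabilities or discovers unknown security flaws in normal business processes; this may take several days or more. It places high demands on the tester's personal ability: besides being proficient with various tools, the tester needs considerable experience, must be able to correlate and analyze all kinds of information, and needs some grasp of social engineering. During a test, professional testers write their own scripts, modify attack parameters or adjust the settings of the tools they use. When hackers attack a business system it is likewise a process, not something achieved in one stroke: it may take 2 months to take over one system, drawing on all kinds of information related to the target. It takes time and thought, and perhaps a little inspiration.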

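Penetration process: define the target -> analyze risk and obtain authorization -> information gathering -> vulnerability detection -> vulnerability verification -> information analysis -> exploitation -> information organization -> report

(There is currently no standard for penetration testing, only a process, generally of seven steps. The information analysis and information organization above can be left out of the count here, but in practice they have to be done and they take time.)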

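Results:
Vulnerability scanning: the results produced by different scanning tools probably differ little; they are all the same high-, medium- and low-risk vulnerabilities.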

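Penetration testing: if different people carry out the penetration test, the final results will differ considerably; comparing the reports shows at once who is stronger and who is weaker.

Copyright notice: this is an original article by CSDN blogger 「老舅教石头」, released under the CC 4.0 BY-SA license. When reposting, please include the original source link and this notice.
Original link: https://blog.csdn.net/weixin_41686586/article/details/113799961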

 

Author: Chuck Lu