Once a
target is identified and researched from Reconnaissance efforts, the next step
is evaluating the target for vulnerabilities. At this point, the Penetration Tester
should know enough about a target to select how to analyze for possible vulnerabilities
or weakness. Examples for testing for weakness in how the web application
operates, identified services, communication ports, or other means.
Vulnerability
Assessments and Security Audits typically conclude after this phase of the
target evaluation process.
Capturing
detailed information through Reconnaissance improves accuracy of targeting
possible vulnerabilities, shortens execution time to perform target evaluation
services, and helps to avoid existing security. For example, running a generic
vulnerability scanner against a web application server would probably alert the
asset owner, take a while to execute and only generate generic details about
the system and applications. Scanning a server for a specific vulnerability based
on data obtained from Reconnaissance would be harder for the asset owner to detect,
provide a good possible vulnerability to exploit, and take seconds to execute. Evaluating
targets for vulnerabilities could be manual or automated through tools. There
is a range of tools offered in Kali Linux grouped as a category labeled Vulnerability Analysis. Tools
range from assessing network devices to databases.
The
following is the list of Target Evaluation goals:
- Evaluation targets for weakness
- Identify and prioritize vulnerable systems
- Map vulnerable systems to asset owners
- Document findings
No comments:
Post a Comment