Search

Introduction to Vulnerability Analysis in Ethical Hacking

In this article we will discuss the various aspects of Vulnerability analysis in ethical hacking. We will walk you through common examples of vulnerability, various lists and models to prevent them. The models we will be discussing are firewall, password, logical bombing and web hijacking, and in this article, we will talk about the methods to protect systems from these vulnerabilities.What is Vulnerability?Vulnerability can be defined as an issue in the software code that a hacker can exploit to  harm the systems. It can be a gap in the implementation of cybersecurity procedures or a weakness in the controls.What is an example of vulnerability?Examples of vulnerabilities exist in every industry. These include:Unauthorized network access by Hackers due to a weak FirewallCracking of Wi-Fi PasswordsExposure of sensitive data due to lack of application securityCredit card data, Health RecordsSecurity misconfigurationMisconfiguration of passwordsInsecure cryptographic storageWhat are the 4 main types of vulnerabilities?The  4 main types of vulnerabilities are:Faulty defenses – Poor defense measures pave the way for easy intrusion by hackers.  This may be due to weak authentication, authorization, and encryption.Resource management not adequate –The chances of buffer overflow and the potential to have many vulnerabilities are greater when there is inadequate resource management.Insecure connections – If the connection between the system, application and networks is insecure, there is a higher probability of many threats like SQL injection.End user errors and misuse – In many cases, the errors are caused by humans and misuse of the systems.What are vulnerability lists?Below are the various types of Vulnerability lists as per OWASP. There are around 60 in number at present, and the list is growing:Allowing Domains or Accounts to ExpireWhen domain names have expired, the hacker may buy them and set up a mail server. The hacker can find out the incoming mails and get to know the details.Buffer OverflowA process where there is more data added to the buffer and the excess data becomes corrupted and susceptible to vulnerabilities.Business logic vulnerabilityThe software code may be missing a security control like authentications, encryption, or authorization.CRLF InjectionCarriage Return Line Feed – Can be done by modifying the HTTP parameter of the URL.CSV InjectionWhen untrusted CSV files are embedded to the websites causing vulnerabilities.Catch Null Pointer ExceptionWhen the program contains the null pointer, it is highly risky.Covert storage channelThis can help the attackers easily and often happens due to faulty implementation.Deserialization of untrusted dataInjection of malicious data into the applications to stop execution of programs.Directory Restriction ErrorHappens due to the improper use of CHROOT.Doubly freeing memoryThis error occurs when free() is called more than once in the memory address.Empty String PasswordEmpty string password is highly insecure.Expression Language InjectionInjection happens when attacker-controlled data enters an EL interpreter.Full Trust CLR Verification issue Exploiting Passing Reference Types by ReferenceCreate a file called by ValueTypeTest.cs and compile it using csc by Value Type Test.csc.Heartbleed BugCatastrophic bug in OpenSSLImproper Data ValidationMultiple validation forms with the same name indicate that validation logic is not up-to-date.Improper pointer subtractionThe subtraction of one pointer from another to determine the size is dependent on the assumption that both pointers exist in the same memory chunk.Information exposure through query strings in url Information exposure through query strings in URL is when sensitive data is passed to parameters in the URL.Injection problemThe basic form of this flaw involves the injection of control-plane data into the data-plane in order to alter the control flow of the processInsecure Compiler OptimizationImproperly scrubbing sensitive data from memory can compromise security.Insecure RandomnessInsecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context.Insecure Temporary FileCreating and using insecure temporary files can leave application and system data vulnerable to attacks.Insecure Third-Party Domain AccessOccurs when an application contains content provided from a 3rd party resource that is delivered without any type of content scrub.Insecure TransportThe application configuration should ensure that SSL is used for all access-controlled pages.Insufficient EntropyPseudo Random Number Generators are susceptible to suffering from insufficient entropy when they are initialized, because entropy data may not be available to them yet.Insufficient Session-ID LengthSession identifiers should be at least 128 bits long to prevent brute-force session guessing attacksLeast Privilege ViolationThe elevated privilege level required to perform operations such as chroot () should be dropped immediately after the operation is performed.Memory leakA memory leak is an unintentional form of memory consumption whereby the developer fails to free an allocated block of memory when no longer needed.Missing Error HandlingMust define a default error page for 404 errors, 500 errorsMissing XML ValidationFailure to enable validation when parsing XML gives an attacker the opportunity to supply malicious input.Multiple admin levelsMultiple level admins may alter the login credentialsOther list of VulnerabilitiesNull DereferenceOWASP .NET Vulnerability ResearchOverly Permissive Regular ExpressionPHP File InclusionPHP Object Injection PRNG Seed ErrorPassword Management Hardcoded PasswordPassword Plaintext StoragePoor Logging PracticePortability FlawPrivacy ViolationProcess ControlReturn Inside Finally BlockSession Variable OverloadingString Termination ErrorUnchecked Error ConditionUnchecked Return Value Missing Check against NullUndefined BehaviorUnreleased ResourceUnrestricted File UploadUnsafe JNIUnsafe Mobile CodeUnsafe function call from a signal handlerUnsafe use of ReflectionUse of Obsolete MethodsUse of hard-coded passwordUsing a broken or risky cryptographic algorithmUsing freed memoryVulnerability templateXML External Entity (XXE) ProcessingWhat is Vulnerability Analysis?Vulnerability analysis is a procedure to check all the vulnerabilities in the systems, computers and other ecosystem tools. The vulnerability analysis helps in the analyzing, recognizing and ranking of the vulnerabilities as per the severity. It helps with the identification and assessment of threat details, enabling us to keep a resolution to protect them from hackers. The analysis can be done for every industry from Healthcare to Retail to IT.Objectives of the Vulnerability analysisTo identify vulnerabilities – Configuration, system, Design, Code, ProcessDocumenting the vulnerabilitiesPreparation of guidance to mitigate the vulnerabilitiesImportance of Vulnerability AnalysisDeep dive insights of the security issuesHelps us understand the risks associated with the entire ecosystemFor security breachesAssets that are prone to cyber attacksSteps for the vulnerability AnalysisHow to check if the organization requires Vulnerability AnalysisTypes of Vulnerability AssessmentNetwork Based ScansTo identify network vulnerabilities. This scan helps to find the vulnerable systems in the wired and wireless networksHost Based ScansThis scan is to identify vulnerabilities in the ports, configuration, server workstations, other hosts and patch historyWireless Network ScansComplete scan on wireless networks to find the vulnerabilitiesApplication ScansTo test all portals and mobile applications for vulnerabilitiesDatabase ScansTo scan all the databases for potential vulnerabilitiesModels of Vulnerability in Ethical HackingFirewall modelInsider attacks -  A Perimeter firewall should be decided and this can take care of the external attacksMissed security patchesWhen the patch management of firewall has not happenedConfiguration issuesIf there are faults in the configuration of firewallDDOS attacksOnly allow legitimate traffic to avoid these attacksPassword modelTo crack the password the hacker uses any of the following – Dictionary, Hybrid model and Brute forceLogical BombingThis usually happens when the hacker uses a malicious code to inject the web application or the cloud infrastructureWeb HijackingThis happens when an unauthorized user tries to access the application bypassing the authorization mechanismProtection from HackingWe need to follow some simple steps to prevent hackingUpdating of Operating systemsInstallation of the proper firewall to prevent intrusionDestroying all personal information from all the web sourcesNo use of Open Wi-FiPassword – Strong password which is not easy to find outSmart emailing – Avoid opening of phishing mailsKeep the sensitive data in the protected environmentIgnore spamShut down the systems after useSecure the networkBack up the dataConclusionIn this article we have discussed the various vulnerabilities that hackers can exploit to gain unauthorized access to a system. Best practices and techniques on how to find the vulnerabilities are also discussed. We have discussed the analysis of vulnerabilities and how it helps in preventing the system from being hacked. Finally, we have discussed models of vulnerabilities in ethical hacking and the ways to keep ourselves protected from hacking.

Introduction to Vulnerability Analysis in Ethical Hacking

2K
  • by Anand V
  • 18th Nov, 2020
  • Last updated on 11th Mar, 2021
  • 10 mins read
Introduction to Vulnerability Analysis in Ethical Hacking

In this article we will discuss the various aspects of Vulnerability analysis in ethical hacking. We will walk you through common examples of vulnerability, various lists and models to prevent them. The models we will be discussing are firewall, password, logical bombing and web hijacking, and in this article, we will talk about the methods to protect systems from these vulnerabilities.

What is Vulnerability?

Vulnerability can be defined as an issue in the software code that a hacker can exploit to  harm the systems. It can be a gap in the implementation of cybersecurity procedures or a weakness in the controls.

What is an example of vulnerability?

Examples of vulnerabilities exist in every industry. These include:

  • Unauthorized network access by Hackers due to a weak Firewall
  • Cracking of Wi-Fi Passwords
  • Exposure of sensitive data due to lack of application security
    • Credit card data, Health Records
  • Security misconfiguration
    • Misconfiguration of passwords
  • Insecure cryptographic storage

What are the 4 main types of vulnerabilities?

The  4 main types of vulnerabilities are:

  1. Faulty defenses – Poor defense measures pave the way for easy intrusion by hackers.  This may be due to weak authentication, authorization, and encryption.
  2. Resource management not adequate –The chances of buffer overflow and the potential to have many vulnerabilities are greater when there is inadequate resource management.
  3. Insecure connections – If the connection between the system, application and networks is insecure, there is a higher probability of many threats like SQL injection.
  4. End user errors and misuse – In many cases, the errors are caused by humans and misuse of the systems.

What are vulnerability lists?

Below are the various types of Vulnerability lists as per OWASP. There are around 60 in number at present, and the list is growing:

  1. Allowing Domains or Accounts to Expire
    • When domain names have expired, the hacker may buy them and set up a mail server. The hacker can find out the incoming mails and get to know the details.
  2. Buffer Overflow
    • A process where there is more data added to the buffer and the excess data becomes corrupted and susceptible to vulnerabilities.
  3. Business logic vulnerability
    • The software code may be missing a security control like authentications, encryption, or authorization.
  4. CRLF Injection
    • Carriage Return Line Feed – Can be done by modifying the HTTP parameter of the URL.
  5. CSV Injection
    • When untrusted CSV files are embedded to the websites causing vulnerabilities.
  6. Catch Null Pointer Exception
    • When the program contains the null pointer, it is highly risky.
  7. Covert storage channel
    • This can help the attackers easily and often happens due to faulty implementation.
  8. Deserialization of untrusted data
    • Injection of malicious data into the applications to stop execution of programs.
  9. Directory Restriction Error
    • Happens due to the improper use of CHROOT.
  10. Doubly freeing memory
    • This error occurs when free() is called more than once in the memory address.
  11. Empty String Password
    • Empty string password is highly insecure.
  12. Expression Language Injection
    • Injection happens when attacker-controlled data enters an EL interpreter.
  13. Full Trust CLR Verification issue Exploiting Passing Reference Types by Reference
    • Create a file called by ValueTypeTest.cs and compile it using csc by Value Type Test.csc.
  14. Heartbleed Bug
    • Catastrophic bug in OpenSSL
  15. Improper Data Validation
    • Multiple validation forms with the same name indicate that validation logic is not up-to-date.
  16. Improper pointer subtraction
    • The subtraction of one pointer from another to determine the size is dependent on the assumption that both pointers exist in the same memory chunk.
  17. Information exposure through query strings in url 
    • Information exposure through query strings in URL is when sensitive data is passed to parameters in the URL.
  18. Injection problem
    • The basic form of this flaw involves the injection of control-plane data into the data-plane in order to alter the control flow of the process
  19. Insecure Compiler Optimization
    • Improperly scrubbing sensitive data from memory can compromise security.
  20. Insecure Randomness
    • Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context.
  21. Insecure Temporary File
    • Creating and using insecure temporary files can leave application and system data vulnerable to attacks.
  22. Insecure Third-Party Domain Access
    • Occurs when an application contains content provided from a 3rd party resource that is delivered without any type of content scrub.
  23. Insecure Transport
    • The application configuration should ensure that SSL is used for all access-controlled pages.
  24. Insufficient Entropy
    • Pseudo Random Number Generators are susceptible to suffering from insufficient entropy when they are initialized, because entropy data may not be available to them yet.
  25. Insufficient Session-ID Length
    • Session identifiers should be at least 128 bits long to prevent brute-force session guessing attacks
  26. Least Privilege Violation
    • The elevated privilege level required to perform operations such as chroot () should be dropped immediately after the operation is performed.
  27. Memory leak
    • A memory leak is an unintentional form of memory consumption whereby the developer fails to free an allocated block of memory when no longer needed.
  28. Missing Error Handling
  29. Must define a default error page for 404 errors, 500 errors
  30. Missing XML Validation
    • Failure to enable validation when parsing XML gives an attacker the opportunity to supply malicious input.
  31. Multiple admin levels
    • Multiple level admins may alter the login credentials

Other list of Vulnerabilities

  1. Null Dereference
  2. OWASP .NET Vulnerability Research
  3. Overly Permissive Regular Expression
  4. PHP File Inclusion
  5. PHP Object Injection 
  6. PRNG Seed Error
  7. Password Management Hardcoded Password
  8. Password Plaintext Storage
  9. Poor Logging Practice
  10. Portability Flaw
  11. Privacy Violation
  12. Process Control
  13. Return Inside Finally Block
  14. Session Variable Overloading
  15. String Termination Error
  16. Unchecked Error Condition
  17. Unchecked Return Value Missing Check against Null
  18. Undefined Behavior
  19. Unreleased Resource
  20. Unrestricted File Upload
  21. Unsafe JNI
  22. Unsafe Mobile Code
  23. Unsafe function call from a signal handler
  24. Unsafe use of Reflection
  25. Use of Obsolete Methods
  26. Use of hard-coded password
  27. Using a broken or risky cryptographic algorithm
  28. Using freed memory
  29. Vulnerability template
  30. XML External Entity (XXE) Processing

What is Vulnerability Analysis?

Vulnerability analysis is a procedure to check all the vulnerabilities in the systems, computers and other ecosystem tools. The vulnerability analysis helps in the analyzing, recognizing and ranking of the vulnerabilities as per the severity. It helps with the identification and assessment of threat details, enabling us to keep a resolution to protect them from hackers. The analysis can be done for every industry from Healthcare to Retail to IT.

Objectives of the Vulnerability analysis

  • To identify vulnerabilities – Configuration, system, Design, Code, Process
  • Documenting the vulnerabilities
  • Preparation of guidance to mitigate the vulnerabilities

Importance of Vulnerability Analysis

  • Deep dive insights of the security issues
  • Helps us understand the risks associated with the entire ecosystem
    • For security breaches
  • Assets that are prone to cyber attacks

Steps for the vulnerability Analysis

Steps for the vulnerability Analysis

How to check if the organization requires Vulnerability Analysis

How to check if the organization requires Vulnerability Analysis

Types of Vulnerability Assessment

Network Based Scans

To identify network vulnerabilities. This scan helps to find the vulnerable systems in the wired and wireless networks

Host Based Scans

This scan is to identify vulnerabilities in the ports, configuration, server workstations, other hosts and patch history

Wireless Network Scans

Complete scan on wireless networks to find the vulnerabilities

Application Scans

To test all portals and mobile applications for vulnerabilities

Database Scans

To scan all the databases for potential vulnerabilities

Models of Vulnerability in Ethical Hacking

Firewall model

  • Insider attacks -  A Perimeter firewall should be decided and this can take care of the external attacks
  • Missed security patches
    • When the patch management of firewall has not happened
  • Configuration issues
    • If there are faults in the configuration of firewall
  • DDOS attacks
    • Only allow legitimate traffic to avoid these attacks

Password model

To crack the password the hacker uses any of the following – Dictionary, Hybrid model and Brute force

Logical Bombing

This usually happens when the hacker uses a malicious code to inject the web application or the cloud infrastructure

Web Hijacking

This happens when an unauthorized user tries to access the application bypassing the authorization mechanism

Protection from Hacking

We need to follow some simple steps to prevent hacking

  • Updating of Operating systems
  • Installation of the proper firewall to prevent intrusion
  • Destroying all personal information from all the web sources
  • No use of Open Wi-Fi
  • Password – Strong password which is not easy to find out
  • Smart emailing – Avoid opening of phishing mails
  • Keep the sensitive data in the protected environment
  • Ignore spam
  • Shut down the systems after use
  • Secure the network
  • Back up the data

Conclusion

In this article we have discussed the various vulnerabilities that hackers can exploit to gain unauthorized access to a system. Best practices and techniques on how to find the vulnerabilities are also discussed. We have discussed the analysis of vulnerabilities and how it helps in preventing the system from being hacked. Finally, we have discussed models of vulnerabilities in ethical hacking and the ways to keep ourselves protected from hacking.

Anand

Anand V

Blog Author

Anand V is an independent consultant with more than 23 plus years of experience. He is currently working in areas of Artificial  Intelligence ,Cybersecurity, Blockchain and IoT. 

Join the Discussion

Your email address will not be published. Required fields are marked *

Suggested Blogs

Major Benefits of Earning the CEH Certification in 2022

One of the most popular testing certifications in the market, the Certified Ethical Hacker credential provides the knowledge and skills needed for ‘white hat’ hacking. Certified professionals have the competencies required to anticipate cyber-crime, respond adequately to mitigate risks and control any damages caused due to security breaches.  During the pandemic, leading organizations have turned to the digital world; and their investments in cybersecurity have increased as they have realized the critical importance of being cyber resilient. As a result, plenty of opportunities have opened up for skilled professionals in the cybersecurity wing of business enterprises and government organizations.  In this article we will be discussing the importance of the Certified Ethical Hacking course, and why you should choose this as a career option. We will talk about who is the right audience for this course, what are the benefits of gaining the certification, and what comes next.  What is Ethical Hacking? Let us first understand what ethical hacking is.  Ethical hacking is a process of penetrating  applications/networks/smart devices with official permission for checking vulnerabilities, if any. This analysis helps in taking preventive and corrective measures to improve the cybersecurity of  systems. A Certified Ethical Hacker is a professional who is skilled at understanding the vulnerabilities of various systems and fixing them in an ethical manner.  Purpose of CEH How does CEH certification stand apart from the rest of the certifications?  What can we learn from CEH in 2022?  S.NoObjectiveLearning1.Hacking Challenges on Steroids24 incredible challenges across 4 levels including 18 attack vectors2.Emerging Attack VectorsFile less malware. Targeted Ransomware, Web API threats and web shell3.Enumeration TechniquesNFS, Telnet.SMB, FTP,IPV6,BGP4.Malware Reverse EngineeringStatic and Dynamic malware analysis5.Cloud ComputingContainer Technology, Docker, Kubernetes, Serverless computing, Cloud Hacking methodology6.Hacking web applicationsWeb API.Web hooks, web shell concepts, Web API hacking and security7.Operation TechnologyICS, SCADA,PLC,HMI based attacks, Side-channel attacks8.WPA3Encryption and crackingWhy do we need to choose CEH as a career option? Ethical hacking follows five phases of processes, with each process laying out measurable ways of identifying vulnerabilities. Certified Ethical Hacker is the only certification which offers expertise across all the five phases. It is normally included as a practice in ongoing network assessment, penetration testing, or other risk assessment practices. Expansion of new technologies has increased the risk of cyber-crime, and Ethical hacking is now a standard practice across enterprises, governments, and startups. With increased dependence on data science across industries, the protection of digital and information assets is crucial. Hacking is a malicious act and companies are cognizant of these risks. To avoid attacks by hackers, all  organizations are looking for qualified ethical hackers who can protect and save their digital assets. There is an increase in the job opportunities for ethical hackers, and the industry is estimated to grow exponentially over the next 10 years due to the data surge. CEH is a career that is here to stay! Who is CEH intended for?Anyone who is interested to develop their career in ethical hacking, including the following: Information Security Analyst/Administrator Information Security Officer Information Security Manager /Specialist Information Systems Security Engineer Information Security Professional IT auditor Risk/Threat/Vulnerability Analyst System Administrators Network Administrator Network Engineer Common Job Roles for Certified Ethical Hackers Mid-level information assurance security audit Cybersecurity auditor System security administrator IT security administrator Cyber Defense Analyst Vulnerability Assessment Analyst Warning Analyst Information Security Analyst Security Analyst InfoSec Security Administrator Cybersecurity Analyst Network security Engineer SOC Security Analyst Network Engineer Senior Security Consultant Manual Ethical hacker Information security manager Jr. Penetration Tester Solution Architect Cybersecurity Consultant Security compliance analyst Technology Risk and Cybersecurity Audit Top benefits of CEH Certification  Accreditation program CEH is an ANSI accredited program It is recognized by DoD and GCHQ. The curriculum is regularly updated depending on the market need and recent trends. Exam blueprints are based on 10 different elements including the practical aspects. Rigorous standards are maintained around the development and maintenance of the certification. Global Recognition  Various job roles across the enterprises Certified Ethical Hacker (C|EH) credential is globally recognized by companies and organizations such as Deloitte, IBM, EY, and othersRemuneration  The average payout to a Certified Ethical Hacker is $89,000 per annum CEH has consistently made it to the list of top paid IT certifications over the past decade. Good Corporate Career Standard corporate career designations across  more than 30 different roles Beginner to Senior management roles – Analyst to CISO Good incentives for CEH professionals apart from salaries Strong Global community Good networking opportunity even to start your own company Mapped to Industry Frameworks Mapped to NICE 2.0 Framework Practical course and live case studies Ongoing CPEs  Ease of access Online Proctored Exams  Benefits of Skill upgrade- the CEH Master Program Holders of the CEH credential can take the next step with the CEH Master certification. Comes with practical assessments Global Recognition as an expert in Ethical hacking Performance-based training and certification ConclusionIn this article we have seen the scope of CEH as a career option, the various benefits it holds, and why individuals must take this certification. The depth of roles ranges from Beginner to Expert to senior management, and there is growing global recognition for holders of this credential. As a result, you can avail of excellent job opportunities with great salaries. The next step in your learning journey can be the CEH - Master program.  
5673
Major Benefits of Earning the CEH Certification in...

One of the most popular testing certifications in ... Read More

How To Clear CEH in First Attempt?

Cybercrime and hacking attacks are doubling year on year. Not just corporate giants and government entities, but even small scale companies and start-ups are afraid of being victims of cyber theft. Organizations may face major losses not just in their profits but also loss of reputation, data, and customers. Therefore, almost all organizations want to keep their data and privacy of their customers safe from cyber criminals. These organizations spend a fortune on implementing robust technology architecture and on hiring professionals who can identify loopholes in the cyber security systems and patch them up before hackers can get through. These professionals, known as ethical hackers or white hat hackers, can help organizations protect their assets (people, process, and technology) from cybercriminals.Why CEH? The exponential rise in data, and our dependence on virtual systems has also consequently raised attacks from cyber criminals and data breaches. This has made the role of the ethical hacker among the most important job roles in these times. There is a huge demand for cybersecurity experts in almost all types of businesses. To hire security experts, organizations have some basic or minimum benchmarks set. These security experts are expected to have a good understanding of security concepts, and knowledge of the latest tools, processes, and frameworks so that they can be one step ahead of cyber criminals and prevent data breach.  This is where certifications such as the CEH - Certified Ethical Hacker by EC-Council comes into play. The CEH is the most comprehensive program for ethical hackers as it covers the latest hacking trends and familiarises professionals with the technologies that will help prevent data breaches. This international accreditation is recognised world over, so no matter where you are, your skills and knowledge will be considered valid by all organizations, anywhere in the world. To defeat the hacker, you need to think like a hacker. This program is all about developing the hacker mindset but in an ethical way. Once you are ready to jump into this, passing the CEH exam is your 1st milestone in your career. In this article, we will learn how to become a certified ethical hacker in the very first attempt, for which hard work and dedication are highly recommended.  Preparation Steps We will discuss here the 5 steps to prepare for CEH certification.  1. Plan the training Once you decide to achieve the certification, you need a concrete plan for training as well as practice. Choose the best source for training. We highly recommend choosing offline classroom training if you are a student or novice in cybersecurity. Usually, you can complete training in 3-4 months or less.  The reason we recommend an offline course is that meeting other like-minded learners and professionals will help you  develop the ethical hacker mindset. You can get in touch with proper mentors, people with similar mind-sets and take advantage of group study which can reveal many unknown issues, incidents, and examples. Of course, this will cost you more but you can’t learn to swim without getting wet.2. Get your hands dirty – Practice! The plus point of the latest version of CEH v11 is that it is more focused,  practical based and scenario-based with the latest content that equips students with hands-on skills. Remember, security is all about practice and implementation rather than a bunch of documents and do’s and don’ts checklist. In the course of gaining the credential you will learn about methods and tools that you can use to protect the organization such as security implementations, testing, and monitoring. Just bookish knowledge won’t help there. We recommend that spending at least 2 hours daily practice apart from training will improve your skills dramatically.3. Study Guides  While we did mention above not to be bookish, books are a treasure trove of knowledge and even for clearing the CEH you must do a thorough read of the recommended books.  You can religiously follow study guides and clear your concept on every topic in a very descriptive manner. This will answer all your “What and Why” in terms of cybersecurity and ethical hacking. Of course, this is world-class content and therefore you will get exact definitions, descriptions, and diagrams for almost all topics. We recommend studying at least 1 hour daily to get clear on all topics during the training.  4. Study groups - Community Study groups will polish your knowledge and skills for CEH topics. There are many study groups you can join where you can resolve your queries, clear your doubts, take help to learn something, and help others too. This will help you to stay in the company of like-minded people and you will get to learn fast.  However, it is recommended not to share any personal/sensitive information. Beware of any unknown person who asks for sensitive information like your IP address, location, personal information, or anything apart from CEH courseware.   We recommend making a study group with the people you know who are also attempting the exam. You can take the help of your trainer or mentor to manage this group. Be active and participate in group activities like quizzes or group discussions. 5. Self-assessment Keep learning is the key element of CEH training. Brush up your knowledge for the exam perspective as that is your main goal to become certified. For this, you need to learn how to give the exam and what type of questions are asked. For a second, let’s imagine the scenario of a war. If a new trainee soldier having knowledge of arms and wearing his 15 kgs protective suit jumped into the warzone, do you think he can fight better and save the lives of others without having any practice? Probably not, because he is unaware of war scenarios, combat methods, and ways of attack and defense in real war zones where the situation is uncertain. The same concept applies to CEH exams. You may face a lot of weird-looking or twisted or tricky questions with confusing multiple answers. Therefore, once you are done with your CEH training and you have knowledge of all topics, you need to test it like a mock drill of the war zone.There are many sources available where you can practice the exam questions. This platform will help you to understand the methods to ace the exam questions, and complete them within the required timeframe. Here we are sharing some links to practice for your exams. ( Note: We do not promote any website or any platform here. These links are shared to help students find good options for studying.) CEH ASSESSMENT- EC-CouncilEC-Council® CEH™ Exam PrepCEH practice examApart from this, you can follow blogs, industry experts, and relevant videos for more understanding and guidance.Required soft skills Every job roles needs certain skills apart from the core skills needed to perform on the job. These include soft skills that will help you grow as an individual and as a professional.Be Curious – Be hungry for knowledge and for learning new things and gaining new skills.  Be Enthusiastic - Be enthusiastic and motivated throughout your journey as a hacker and you will be rewarded.  Eliminate the distractions - Avoid time-wasting or non-productive activities during the training like spending time on online games or social media. About the exam After getting trained and completing your practice, it is time for the exam. The CEH exam is a 4 hour exam with 125 multiple choice questions. Check the below link for the exam blueprint to get an idea of the percentage ratio of each module during the CEH exam. Examination centres can be chosen based on your location. Keep your exam code with you. The exam organizers have a process to determine the difficulty rating of each question. For more information, you can check out the EC-Council website and get in touch with your training center.Conclusion So, start your journey on becoming a certified cyber security professional with the CEH course and credential. As with anything else, practice makes perfect and you will become better as an ethical hacker with practice. Work hard and you will definitely achieve your CEH certification at the very first attempt. 
9636
How To Clear CEH in First Attempt?

Cybercrime and hacking attacks are doubling year o... Read More

What Is SQL Injection (SQLi)

In today’s world cyber-attacks are triggered to alter or steal the information of a person or an organization in a huge volume of data. It is very much important to protect the data/database from security related attacks.SQL injection is one of the top trending cyber attack techniques recognized by the world’s top non-profit security foundation OWASP (Open Web Application Security Project). SQL injection attacks are made by inserting or injecting the SQL query input from the client end of the application. In this article, we will learn about the SQL injection, types of attacks using SQL injection and preventive steps.  What is SQL Injection? SQL injection attack is used to insert malicious SQL statements into an entry field for execution. This injection technique is the most common web application hacking attack that allows an attacker to get unauthorised access, commit identity spoofing, tamper, take control or destroy your database. This is an attack that is very simple and easy to carry out even for script kiddies.  As we can see in the above picture, this is the second most common vulnerability that can impact databases. SQL injection flaws occur because of poorly designed web applications that can exploit SQL statements that execute malicious code.  How SQL injection is used is very much dependent on the intention of the hacker. With unauthorized access to a database server, what can attackers do? Here are some examples: Download unauthorized data of a person or an organization Delete/modify data Permanently destroy data/backups Add a virus to a system Alter security Encrypt/steal/alter data and hold it for ransom Publicly shame an organization via a web or social media hack Use data to harm business operations How does SQL injection work? To understand SQL injection, you need to know what SQL is.   SQL – SQL stands for Structured Query Language. This language is mainly developed for interacting with the relational database. For data manipulation, Query is used to insert data, modify the database, or just to access the required data.Image SourceSQL Injection is one of the most vulnerable threats which may exploit the entire database of any private organization or government sector where code is injected in a web page.  An SQL statement will be altered in a manner which goes with ALWAYS TRUE as constraint. (In simple words 1=1  This will be always true) It allows an attacker to view unauthorized data. This might include data belonging to other users, or any other data that the application itself is able to access. An attacker can modify or delete this data, causing persistent changes to the application’s content or behavior.SQL injection TypesThere are a wide variety of SQL injection vulnerabilities, attacks, and techniques, which arise in different situations. Some common SQL injection examples include:Tautologies – Used to Bypass AuthenticationSelect * from USERTable where uid=‘xyz’ and pwd =’x’ or ‘5’=’5’;Union – Used to Extract Data. A different dataset is returned from the Database.  Illegal/Logically Incorrect Queries - Used to Identify injectable parameters.  Piggybacked Queries - Multiple queries are executed without the knowledge of the user which may lead to Database exploitation. Injected queries are added to the normal executable query. Inference - Different responses from the database are cross checked by changing its behavior.  Stored procedure - Injection is done to the stored procedure present in the Database.Common Causes and how to avoid SQL Injection Attack-If we are assuming our application’s code/web forms are well protected against any kind of attack by default, application changes and assumptions that were true in the past or present may not be true in the future and may require additional changes. These assumptions eventually lead to compliance and security auditing failures. Using unsupported or legacy software/code/tools or features may lead to security holes and there could be chances of delay in catching or fixing such issues. Running patched and upgraded versions of code is critical to avoid security exploits. Continuously monitoring for new security vulnerabilities and reacting as needed is an important step towards avoiding unnecessary surprises. Reviewing old code is very important, and timely changes in the code are highly recommended as technologies keeps changing. The versions, functions, and extensions require regular upgrades. Older versions or codes are quite vulnerable and might be unable to maintain the integrity of your application. How to detect SQL injection vulnerabilitiesAs a pentester, you can use two techniques to find SQL injection vulnerabilities with high efficiency - manual and automated testing.Manual Testing During application development there are set of tests performed on each level, that help to detect any SQL injection vulnerability, if it exists. Check with the single ' character ‘ and look for errors or other anomalies. The tester can add some SQL specific syntax into code that can evaluate the original value of the entry point and other values, and check for different responses by the application. Another method is to create a Boolean condition, for example “OR 1=1” and “OR 1=2”, and check again to see if the application response is different.  There are some payloads available that are designed to trigger time delays if executed in SQL query, and you can check if there is any delay in response. Automated TestingThere are many good tools and frameworks available in the market. Here is the list of some of the best tools for SQL injection detection. SQLMap Appsider by Rapid7 Accunetix Wapiti Netsparker etc.How to prevent SQL injection vulnerability? To prevent or avoid SQL injection vulnerability, we must first understand why it occurs, and why it is listed as one of the vulnerabilities in the OWASP top 10.  The SQL injection is so easy to perform, that even a script kiddie can make an attempt.  Another reason is the treasure of critical data that lures the attacker to use SQL injection.  Below is the vulnerable code for SQL injection where the user input is concatenated directly into the query: String query = “;SELECT * FROM products WHERE category = ‘";+ input + "’" Statement statement = connection.createStatement(); ResultSet resultSet = statement.executeQuery(query); Check out the code below that helps to prevents the user input from interfering with the query structure: PreparedStatement statement = connection.prepareStatement("SELECT * FROM products WHERE category = ?");  statement.setString(1, input);  ResultSet resultSet = statement.executeQuery(); Primary recommendations: Use Parameterised queries  Least Privilege Use stored procedures if required White listing the input fields Avoid displaying detailed error messages that are useful to an attacker. It is also important to get patch updates regularly, as every day there are many new vulnerabilities that are found.  It is also recommended to use a Web Application Firewall to protect your application, which can help you to filter and find malicious data.  Where Do We Go Next? It is very important to identify and mitigate this notorious vulnerability and take immediate actions to keep your systems secure. Many skilled attackers are waiting to take advantage of your mistakes, like poor code, so that they can hack into the database. We know this vulnerability is very old but we have to be aware of the outcomes of this type of vulnerability and try to prevent this during the development phase, rather than covering up the liability later.  
7388
What Is SQL Injection (SQLi)

In today’s world cyber-attacks are triggered to ... Read More