Introduction to Vulnerability Analysis in Ethical Hacking
Updated on Nov 18, 2020 | 10 min read | 11.21K+ views
In this article we will discuss the various aspects of vulnerability analysis in ethical hacking. We will walk you through common examples of vulnerabilities, the vulnerability lists and models used to describe them, and the methods to protect systems from them. The models we will discuss are the firewall, password, logical bombing and web hijacking models.
What is Vulnerability?
A vulnerability is an issue in software code that a hacker can exploit to harm systems. It can also be a gap in the implementation of cybersecurity procedures or a weakness in the controls.
What is an example of vulnerability?
Examples of vulnerabilities exist in every industry. These include:
- Unauthorized network access by hackers due to a weak firewall
- Cracking of Wi-Fi passwords
- Exposure of sensitive data, such as credit card data and health records, due to a lack of application security
- Security misconfiguration
- Misconfiguration of passwords
- Insecure cryptographic storage
What are the 4 main types of vulnerabilities?
The 4 main types of vulnerabilities are:
- Faulty defenses – Poor defense measures pave the way for easy intrusion by hackers. This may be due to weak authentication, authorization and encryption.
- Inadequate resource management – The chances of a buffer overflow, and the potential for many other vulnerabilities, are greater when resource management is inadequate.
- Insecure connections – If the connections between systems, applications and networks are insecure, there is a higher probability of many threats, such as SQL injection.
- End-user errors and misuse – In many cases, the errors are caused by humans and by misuse of the systems.
What are vulnerability lists?
Below are the various types of vulnerabilities listed by OWASP. There are around 60 at present, and the list is growing:
- Allowing Domains or Accounts to Expire – When a domain name has expired, a hacker may buy it and set up a mail server, receive the incoming mail and learn its details.
- Buffer Overflow – Occurs when more data is added to a buffer than it can hold; the excess data is corrupted and leaves the program susceptible to exploitation.
- Business logic vulnerability – The software code may be missing a security control such as authentication, encryption or authorization.
- CRLF Injection – Carriage Return Line Feed injection; can be done by modifying an HTTP parameter in the URL.
- CSV Injection – When untrusted CSV files are embedded into websites, causing vulnerabilities.
- Catch Null Pointer Exception – When the program contains a null pointer, it is highly risky.
- Covert storage channel – Can help attackers easily, and often arises from faulty implementation.
- Deserialization of untrusted data – Injection of malicious data into applications to stop the execution of programs.
- Directory Restriction Error – Happens due to the improper use of chroot.
- Doubly freeing memory – This error occurs when free() is called more than once on the same memory address.
- Empty String Password – An empty string password is highly insecure.
- Expression Language Injection – Occurs when attacker-controlled data enters an EL interpreter.
- Full Trust CLR Verification issue: Exploiting Passing Reference Types by Reference – Demonstrated by creating a file called ValueTypeTest.cs and compiling it with csc ValueTypeTest.cs.
- Heartbleed Bug – Catastrophic bug in OpenSSL.
- Improper Data Validation – Multiple validation forms with the same name indicate that the validation logic is not up to date.
- Improper pointer subtraction – Subtracting one pointer from another to determine a size depends on the assumption that both pointers exist in the same memory chunk.
- Information exposure through query strings in URL – Occurs when sensitive data is passed to parameters in the URL.
- Injection problem – The basic form of this flaw involves injecting control-plane data into the data plane in order to alter the control flow of the process.
- Insecure Compiler Optimization – Improperly scrubbing sensitive data from memory can compromise security.
- Insecure Randomness – Occurs when a function that can produce predictable values is used as a source of randomness in a security-sensitive context.
- Insecure Temporary File – Creating and using insecure temporary files can leave application and system data vulnerable to attack.
- Insecure Third-Party Domain Access – Occurs when an application contains content provided by a third-party resource that is delivered without any type of content scrub.
- Insecure Transport – The application configuration should ensure that SSL is used for all access-controlled pages.
- Insufficient Entropy – Pseudo-random number generators are susceptible to insufficient entropy when they are initialized, because entropy data may not be available to them yet.
- Insufficient Session-ID Length – Session identifiers should be at least 128 bits long to prevent brute-force session-guessing attacks.
- Least Privilege Violation – The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.
- Memory leak – An unintentional form of memory consumption in which the developer fails to free an allocated block of memory when it is no longer needed.
- Missing Error Handling – A default error page must be defined for 404 and 500 errors.
- Missing XML Validation – Failure to enable validation when parsing XML gives an attacker the opportunity to supply malicious input.
- Multiple admin levels – Multiple levels of admins may alter the login credentials.
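Three entries in the list above (Insecure Randomness, Insufficient Entropy and Insufficient Session-ID Length) share one root cause: a token that is long enough on paper but comes from a predictable generator. The following Python is an added example written for this article, not code from OWASP or from the original page. It contrasts a seeded simulation PRNG with the operating system's CSPRNG and includes the 128-bit length check from the list; the seed value and the "weak generator" function are constructed for illustration.

```python
import random
import secrets

# Threshold taken from the Insufficient Session-ID Length entry: at least 128 bits.
MIN_SESSION_ID_BITS = 128


def insecure_session_id(seed: int, num_bytes: int = 16) -> str:
    """Hypothetical flawed generator (constructed for this example).

    random.Random is a Mersenne Twister meant for simulations. Its output is
    fully determined by the seed, so anyone who learns or guesses the seed
    (for example a timestamp) can reproduce every token it ever issued.
    """
    rng = random.Random(seed)
    return "".join(f"{rng.getrandbits(8):02x}" for _ in range(num_bytes))


def secure_session_id(num_bytes: int = 16) -> str:
    """secrets draws from the operating system's CSPRNG.

    16 bytes gives 128 bits of entropy, which meets the threshold above.
    """
    return secrets.token_hex(num_bytes)


def session_id_bits(token_hex: str) -> int:
    """Upper bound on the entropy of a hex token: 4 bits per hex digit.

    A long token from a weak generator has far less real entropy than this,
    which is why the generator matters as much as the length.
    """
    return len(token_hex) * 4


def has_sufficient_length(token_hex: str, min_bits: int = MIN_SESSION_ID_BITS) -> bool:
    """Length check a reviewer can apply to tokens observed in Set-Cookie headers."""
    return session_id_bits(token_hex) >= min_bits


def is_reproducible(seed: int) -> bool:
    """Insecure-randomness failure mode: two generators seeded alike emit
    identical tokens, so the token is predictable rather than random."""
    return insecure_session_id(seed) == insecure_session_id(seed)


if __name__ == "__main__":
    weak = insecure_session_id(seed=1700000000)   # e.g. seeded from a clock
    strong = secure_session_id()
    print("weak token  :", weak, "reproducible:", is_reproducible(1700000000))
    print("strong token:", strong, "bits:", session_id_bits(strong))
    print("'deadbeef' passes the length check:", has_sufficient_length("deadbeef"))
```

Note that the weak token also passes the length check: a 32-hex-digit value looks like 128 bits, but because it is reproducible from the seed the length check alone says nothing about how hard it is to guess.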
Other vulnerabilities in the list
- Null Dereference
- OWASP .NET Vulnerability Research
- Overly Permissive Regular Expression
- PHP File Inclusion
- PHP Object Injection
- PRNG Seed Error
- Password Management Hardcoded Password
- Password Plaintext Storage
- Poor Logging Practice
- Portability Flaw
- Privacy Violation
- Process Control
- Return Inside Finally Block
- Session Variable Overloading
- String Termination Error
- Unchecked Error Condition
- Unchecked Return Value Missing Check against Null
- Undefined Behavior
- Unreleased Resource
- Unrestricted File Upload
- Unsafe JNI
- Unsafe Mobile Code
- Unsafe function call from a signal handler
- Unsafe use of Reflection
- Use of Obsolete Methods
- Use of hard-coded password
- Using a broken or risky cryptographic algorithm
- Using freed memory
- Vulnerability template
- XML External Entity (XXE) Processing
What is Vulnerability Analysis?
Vulnerability analysis is a procedure for checking all the vulnerabilities in systems, computers and other tools in the ecosystem. It helps in analyzing, recognizing and ranking the vulnerabilities by severity, and in identifying and assessing threat details, so that a resolution can be put in place to protect the systems from hackers. The analysis can be done for every industry, from healthcare to retail to IT.
Objectives of the Vulnerability analysis
- Identify vulnerabilities in configuration, systems, design, code and processes.
- Document the vulnerabilities.
- Prepare guidance to mitigate the vulnerabilities.
Importance of Vulnerability Analysis
- Deep-dive insights into the security issues.
- Helps us understand the risks associated with the entire ecosystem.
- Preparation for security breaches.
- Identification of assets that are prone to cyber attacks.
Steps for the vulnerability Analysis
How to check if the organization requires Vulnerability Analysis
Types of Vulnerability Assessment
Network-Based Scans
To identify network vulnerabilities. This scan helps to find vulnerable systems on wired and wireless networks.
Host-Based Scans
This scan identifies vulnerabilities in ports, configuration, server workstations, other hosts and patch history.
Wireless Network Scans
A complete scan of wireless networks to find vulnerabilities.
Application Scans
To test all portals and mobile applications for vulnerabilities.
Database Scans
To scan all databases for potential vulnerabilities.
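The objectives listed earlier (identify, document, prepare mitigation guidance) and the ranking by severity are the step that turns raw scanner output from the assessment types above into something an owner can act on. The Python below is an added example for this article, not a tool from the original page; the findings, asset names, scores and exposure weights are all constructed, and the qualitative bands follow the CVSS v3 rating scale.

```python
from dataclasses import dataclass

# Multiplier applied to the base score depending on who can reach the asset
# (weights are an assumption for this example, not a standard).
EXPOSURE_WEIGHT = {"internet": 1.5, "internal": 1.0, "isolated": 0.6}


@dataclass
class Finding:
    asset: str        # host or application the scanner reported
    scan_type: str    # network, host, wireless, application or database
    title: str
    cvss: float       # CVSS v3 base score, 0.0 to 10.0
    exposure: str     # key into EXPOSURE_WEIGHT
    fix: str          # remediation guidance recorded with the finding


def severity_label(cvss: float) -> str:
    """Qualitative rating bands used by CVSS v3."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    if cvss > 0.0:
        return "low"
    return "none"


def priority(f: Finding) -> float:
    """Severity scaled by exposure: an internet-facing medium can outrank an internal high."""
    return round(f.cvss * EXPOSURE_WEIGHT[f.exposure], 2)


def rank_findings(findings):
    """Highest priority first; ties broken by the raw CVSS score."""
    return sorted(findings, key=lambda f: (priority(f), f.cvss), reverse=True)


def build_report(findings):
    """Documents each finding with its rating, priority and mitigation, highest first."""
    return [
        {"asset": f.asset, "scan": f.scan_type, "title": f.title,
         "severity": severity_label(f.cvss), "priority": priority(f), "fix": f.fix}
        for f in rank_findings(findings)
    ]


# Constructed sample scanner output, one finding per assessment type.
SAMPLE_FINDINGS = [
    Finding("db01", "database", "Database listener accepts unauthenticated connections",
            8.1, "internal", "Require authentication and restrict the listener to the app subnet"),
    Finding("web01", "application", "TLS configuration allows obsolete cipher suites",
            5.3, "internet", "Disable legacy cipher suites in the server configuration"),
    Finding("ws-17", "host", "Missing operating-system security patches",
            7.5, "internal", "Apply pending patches through the patch-management process"),
    Finding("web01", "application", "Session identifier shorter than 128 bits",
            9.1, "internet", "Generate session IDs from a CSPRNG with at least 128 bits"),
]


if __name__ == "__main__":
    for row in build_report(SAMPLE_FINDINGS):
        print(f"{row['priority']:>6}  {row['severity']:<8} {row['asset']:<6} {row['title']}")
        print(f"        fix: {row['fix']}")
```

With these weights the internet-facing medium (5.3) lands just below the internal high (8.1) but above the internal patching finding (7.5), which is the kind of reordering a pure severity sort would miss.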
Models of Vulnerability in Ethical Hacking
Firewall model
- Insider attacks – A perimeter firewall should be chosen, and it can take care of external attacks.
- Missed security patches – When patch management for the firewall has not been done.
- Configuration issues – When there are faults in the firewall's configuration.
- DDoS attacks – Only allow legitimate traffic to avoid these attacks.
Password model
To crack a password, the hacker uses any of the following: a dictionary attack, a hybrid attack or brute force.
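A defender's counterpart to the three attack styles just named is a password-acceptance check that rejects exactly what each style would find: dictionary words, hybrid variants (a word with digits or symbols bolted on, or letters swapped for look-alikes) and passwords whose search space is small enough to brute-force. The Python below is an added example for this article, not code from the original page. The word list, substitution table, minimum length and minimum-bits threshold are constructed for illustration; a real deployment would load a large breached-password list and take the thresholds from its own policy.

```python
import math
import re

# Constructed mini word list; a real check would load a large breached-password list.
WORDLIST = {"password", "welcome", "summer", "dragon", "letmein", "admin", "qwerty"}

# Look-alike substitutions a hybrid attack tries; reversing them exposes the base word.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})

# Digits and punctuation commonly bolted onto a word ("summer2024!").
AFFIX_RE = re.compile(r"^[0-9_\-.!?#]+|[0-9_\-.!?#]+$")

MIN_LENGTH = 12   # policy value assumed for this example
MIN_BITS = 60     # minimum brute-force search space, assumed for this example


def normalize(pw: str) -> str:
    """Lower-case and undo look-alike substitutions."""
    return pw.lower().translate(LEET_MAP)


def candidate_bases(pw: str) -> set:
    """Forms of the password a dictionary or hybrid attack would test."""
    lowered = pw.lower()
    return {normalize(lowered), normalize(AFFIX_RE.sub("", lowered))}


def matches_dictionary(pw: str) -> bool:
    return any(base in WORDLIST for base in candidate_bases(pw))


def charset_size(pw: str) -> int:
    """Size of the alphabet an exhaustive search must assume for this password."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += 33   # printable ASCII punctuation and space
    return size


def brute_force_bits(pw: str) -> float:
    """log2 of the search space for this length and alphabet."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def assess(pw: str):
    """Returns (accepted, reasons); an empty reason list means the password passed."""
    reasons = []
    if matches_dictionary(pw):
        reasons.append("dictionary word or hybrid variant of one")
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if brute_force_bits(pw) < MIN_BITS:
        reasons.append(f"brute-force search space below {MIN_BITS} bits")
    return (not reasons, reasons)


if __name__ == "__main__":
    for sample in ["P@ssw0rd", "$ummer2024!", "Password123", "correct horse battery staple"]:
        ok, why = assess(sample)
        print(f"{sample!r}: {'accepted' if ok else 'rejected'} {why}")
```

"Password123" is the instructive case: its alphabet and length give a search space above the brute-force threshold, yet it is still rejected because stripping the digits leaves a dictionary word. Keyspace arithmetic alone never catches hybrid passwords.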
Logical Bombing
This usually happens when the hacker injects malicious code into the web application or the cloud infrastructure.
Web Hijacking
This happens when an unauthorized user tries to access the application by bypassing the authorization mechanism.
Protection from Hacking
We need to follow some simple steps to prevent hacking:
- Update operating systems
- Install a proper firewall to prevent intrusion
- Remove all personal information from web sources
- Do not use open Wi-Fi
- Passwords – use a strong password that is not easy to guess
- Smart emailing – avoid opening phishing mails
- Keep sensitive data in a protected environment
- Ignore spam
- Shut down systems after use
- Secure the network
- Back up the data
Conclusion
In this article we have discussed the various vulnerabilities that hackers can exploit to gain unauthorized access to a system, along with best practices and techniques for finding them. We have discussed vulnerability analysis and how it helps prevent a system from being hacked. Finally, we have discussed models of vulnerabilities in ethical hacking and the ways to keep ourselves protected from hacking.
Vitesh Sharma, a distinguished Cyber Security expert with a wealth of experience exceeding 6 years in the Telecom & Networking Industry. Armed with a CCIE and CISA certification, Vitesh possesses expe...