Introduction to Vulnerability Analysis in Ethical Hacking

By Vitesh Sharma

Updated on Nov 18, 2020 | 10 min read | 11.21K+ views

In this article we discuss the various aspects of vulnerability analysis in ethical hacking. We walk through common examples of vulnerabilities, the vulnerability lists, and the models used to describe them (the firewall, password, logical bombing and web hijacking models), and we cover the methods for protecting systems from these vulnerabilities.

What is Vulnerability?

A vulnerability is an issue in software code that a hacker can exploit to harm a system. It can also be a gap in the implementation of cybersecurity procedures or a weakness in the controls.

What is an example of vulnerability?

Examples of vulnerabilities exist in every industry. These include:

  • Unauthorized network access by hackers due to a weak firewall
  • Cracking of Wi-Fi passwords
  • Exposure of sensitive data due to a lack of application security
    • Credit card data, health records
  • Security misconfiguration
    • Misconfiguration of passwords
  • Insecure cryptographic storage

What are the 4 main types of vulnerabilities?

The 4 main types of vulnerabilities are:

  1. Faulty defenses – Poor defense measures pave the way for easy intrusion by hackers. This may be due to weak authentication, authorization, or encryption.
  2. Inadequate resource management – When resources such as memory buffers are not managed properly, the chances of a buffer overflow, and of many other vulnerabilities, are greater.
  3. Insecure connections – If the connections between systems, applications and networks are insecure, there is a higher probability of threats such as SQL injection.
  4. End-user errors and misuse – In many cases, vulnerabilities are caused by human error and by misuse of the systems.

What are vulnerability lists?

Below are the various types of vulnerabilities listed by OWASP. There are around 60 at present, and the list is growing:

  1. Allowing Domains or Accounts to Expire
    • When a domain name has expired, a hacker may buy it and set up a mail server for it. The hacker then receives the mail still being sent to that domain and learns its contents.
  2. Buffer Overflow
    • Occurs when more data is written to a buffer than it can hold; the excess data spills into adjacent memory, corrupting it and exposing the program to exploitation.
  3. Business logic vulnerability
    • The software code may be missing a security control such as authentication, encryption, or authorization.
  4. CRLF Injection
    • Carriage Return Line Feed injection – can be carried out by modifying an HTTP parameter of the URL so that CR/LF characters end up in the response.
  5. CSV Injection
    • Occurs when untrusted CSV files are embedded into websites, causing vulnerabilities.
  6. Catch Null Pointer Exception
    • When the program contains a null pointer, it is highly risky.
  7. Covert storage channel
    • Can help attackers easily; it often happens due to faulty implementation.
  8. Deserialization of untrusted data
    • Injection of malicious data into the application to stop execution of its programs.
  9. Directory Restriction Error
    • Happens due to improper use of chroot.
  10. Doubly freeing memory
    • Occurs when free() is called more than once on the same memory address.
  11. Empty String Password
    • An empty-string password is highly insecure.
  12. Expression Language Injection
    • Occurs when attacker-controlled data enters an EL interpreter.
  13. Full Trust CLR Verification issue: Exploiting Passing Reference Types by Reference
    • Create a file called ByValueTypeTest.cs and compile it using csc ByValueTypeTest.cs.
  14. Heartbleed Bug
    • A catastrophic bug in OpenSSL.
  15. Improper Data Validation
    • Multiple validation forms with the same name indicate that the validation logic is not up to date.
  16. Improper pointer subtraction
    • Subtracting one pointer from another to determine a size depends on the assumption that both pointers lie in the same memory chunk.
  17. Information exposure through query strings in URL
    • Occurs when sensitive data is passed to parameters in the URL.
  18. Injection problem
    • The basic form of this flaw involves injecting control-plane data into the data plane in order to alter the control flow of the process.
  19. Insecure Compiler Optimization
    • Improperly scrubbing sensitive data from memory can compromise security.
  20. Insecure Randomness
    • Occurs when a function that can produce predictable values is used as a source of randomness in a security-sensitive context.
  21. Insecure Temporary File
    • Creating and using insecure temporary files can leave application and system data vulnerable to attack.
  22. Insecure Third-Party Domain Access
    • Occurs when an application includes content from a third-party resource that is delivered without any kind of content scrubbing.
  23. Insecure Transport
    • The application configuration should ensure that SSL is used for all access-controlled pages.
  24. Insufficient Entropy
    • Pseudo-random number generators can suffer from insufficient entropy when they are initialized, because entropy data may not yet be available to them.
  25. Insufficient Session-ID Length
    • Session identifiers should be at least 128 bits long to prevent brute-force session guessing attacks.
  26. Least Privilege Violation
    • The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.
  27. Memory leak
    • An unintentional form of memory consumption whereby the developer fails to free an allocated block of memory when it is no longer needed.
  28. Missing Error Handling
    • A default error page must be defined for 404 errors and 500 errors.
  29. Missing XML Validation
    • Failure to enable validation when parsing XML gives an attacker the opportunity to supply malicious input.
  30. Multiple admin levels
    • Multiple levels of admin may alter the login credentials.
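Several of the items above (CRLF Injection, Insecure Randomness, Insufficient Entropy and Insufficient Session-ID Length) meet in one routine every web application has: issuing a session cookie. The example below is added here and is not code from the article or from OWASP; it assumes a hex-encoded session identifier and a hand-written Set-Cookie line, and the seeded generator is a constructed bad example included only for contrast. It draws the identifier from the operating system's CSPRNG, verifies that it carries at least 128 bits, and refuses to emit a header whose name or value contains CR or LF.

```python
import re
import secrets
import random  # used only for the contrasting insecure generator below

MIN_SESSION_ID_BITS = 128          # the floor the list item recommends against session guessing
_CRLF = re.compile(r"[\r\n]")      # characters that would let a value split the HTTP response


def generate_session_id(nbytes: int = MIN_SESSION_ID_BITS // 8) -> str:
    """Session ID from the OS CSPRNG (secrets); nbytes*8 bits of entropy, hex-encoded."""
    return secrets.token_hex(nbytes)


def predictable_session_id(seed: int) -> str:
    """Constructed insecure counterpart: a seeded PRNG returns the same ID for the same seed
    and only 32 bits of it, i.e. 'Insecure Randomness' plus 'Insufficient Session-ID Length'."""
    rng = random.Random(seed)
    return f"{rng.getrandbits(32):08x}"


def hex_token_entropy_bits(token: str) -> int:
    """Upper bound on a hex token's entropy, assuming each nibble is uniformly random."""
    if not re.fullmatch(r"[0-9a-fA-F]+", token or ""):
        raise ValueError("token is not a non-empty hex string")
    return len(token) * 4


def session_id_is_strong(token: str, minimum_bits: int = MIN_SESSION_ID_BITS) -> bool:
    """True when the token could carry at least `minimum_bits` of entropy."""
    return hex_token_entropy_bits(token) >= minimum_bits


def header_value_is_safe(value: str) -> bool:
    """A header name or value must not contain CR or LF (CRLF injection guard)."""
    return _CRLF.search(value) is None


def build_set_cookie(name: str, value: str) -> str:
    """Set-Cookie line for the session ID; rejects CR/LF so attacker data cannot add headers."""
    for part in (name, value):
        if not header_value_is_safe(part):
            raise ValueError("CR/LF not permitted in a header name or value")
    return f"Set-Cookie: {name}={value}; Path=/; HttpOnly; Secure; SameSite=Strict"


def issue_session() -> tuple:
    """Generate a session ID, check its strength, and return (id, Set-Cookie header)."""
    sid = generate_session_id()
    if not session_id_is_strong(sid):
        raise RuntimeError("generated session ID is too short")
    return sid, build_set_cookie("SESSIONID", sid)


if __name__ == "__main__":
    sid, header = issue_session()
    print(header)
    print("strong:", session_id_is_strong(sid))
    print("seeded PRNG strong:", session_id_is_strong(predictable_session_id(42)))
```

The entropy check is deliberately an upper bound: a 32-character hex token generated by a seeded PRNG would pass the length test but not the randomness one, which is why the generator and the check are kept together in `issue_session`.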

Other Vulnerabilities in the List

  1. Null Dereference
  2. OWASP .NET Vulnerability Research
  3. Overly Permissive Regular Expression
  4. PHP File Inclusion
  5. PHP Object Injection 
  6. PRNG Seed Error
  7. Password Management: Hardcoded Password
  8. Password Plaintext Storage
  9. Poor Logging Practice
  10. Portability Flaw
  11. Privacy Violation
  12. Process Control
  13. Return Inside Finally Block
  14. Session Variable Overloading
  15. String Termination Error
  16. Unchecked Error Condition
  17. Unchecked Return Value: Missing Check against Null
  18. Undefined Behavior
  19. Unreleased Resource
  20. Unrestricted File Upload
  21. Unsafe JNI
  22. Unsafe Mobile Code
  23. Unsafe function call from a signal handler
  24. Unsafe use of Reflection
  25. Use of Obsolete Methods
  26. Use of hard-coded password
  27. Using a broken or risky cryptographic algorithm
  28. Using freed memory
  29. Vulnerability template
  30. XML External Entity (XXE) Processing

What is Vulnerability Analysis?

Vulnerability analysis is the procedure of checking systems, computers and the other tools in the ecosystem for all of their vulnerabilities. It helps in recognizing, analyzing and ranking the vulnerabilities by severity, and in identifying and assessing threat details, so that a resolution can be put in place to protect the systems from hackers. The analysis can be done for every industry, from healthcare to retail to IT.

Objectives of the Vulnerability analysis

  • To identify vulnerabilities in configuration, systems, design, code and processes.
  • To document the vulnerabilities.
  • To prepare guidance for mitigating the vulnerabilities.
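The three objectives above (identify, document, prepare guidance) and the ranking by severity mentioned in the previous section can be carried out with a small record structure. The example below is added here and is not the article's own tool; the findings, hosts and CVSS scores in it are constructed sample data, and the severity bands are the CVSS v3.x qualitative scale (Low 0.1–3.9, Medium 4.0–6.9, High 7.0–8.9, Critical 9.0–10.0). Each finding is filed under one of the page's five classes and carries its own mitigation guidance, so the ranked report is also the documentation.

```python
from dataclasses import dataclass, asdict

# The five vulnerability classes the article lists as targets of identification.
CATEGORIES = {"Configuration", "System", "Design", "Code", "Process"}


@dataclass(frozen=True)
class Finding:
    host: str
    category: str
    title: str
    cvss: float      # CVSS v3.x base score, 0.0 .. 10.0
    guidance: str    # mitigation guidance recorded alongside the finding

    def __post_init__(self):
        if self.category not in CATEGORIES:
            raise ValueError(f"unknown category: {self.category}")
        if not 0.0 <= self.cvss <= 10.0:
            raise ValueError(f"CVSS out of range: {self.cvss}")


def severity_band(cvss: float) -> str:
    """Map a CVSS v3.x base score to its qualitative severity rating."""
    if cvss == 0.0:
        return "None"
    if cvss < 4.0:
        return "Low"
    if cvss < 7.0:
        return "Medium"
    if cvss < 9.0:
        return "High"
    return "Critical"


def rank_findings(findings):
    """Highest score first; ties broken by host and title so the order is stable."""
    return sorted(findings, key=lambda f: (-f.cvss, f.host, f.title))


def summarize(findings) -> dict:
    """Count findings per severity band, most severe band first."""
    counts = {}
    for band in ("Critical", "High", "Medium", "Low", "None"):
        n = sum(1 for f in findings if severity_band(f.cvss) == band)
        if n:
            counts[band] = n
    return counts


def build_report(findings) -> list:
    """Documentation rows: rank, severity and guidance next to each identified finding."""
    rows = []
    for rank, f in enumerate(rank_findings(findings), start=1):
        row = {"rank": rank, "severity": severity_band(f.cvss)}
        row.update(asdict(f))
        rows.append(row)
    return rows


def render_report(findings) -> str:
    lines = [f"{r['rank']:>2}. [{r['severity']:<8}] {r['cvss']:>4} {r['host']:<7} "
             f"{r['category']:<13} {r['title']}\n     mitigation: {r['guidance']}"
             for r in build_report(findings)]
    lines.append("summary: " + ", ".join(f"{k}={v}" for k, v in summarize(findings).items()))
    return "\n".join(lines)


# Constructed sample findings (hosts and scores are illustrative, not from a real scan).
SAMPLE_FINDINGS = [
    Finding("db-01", "Configuration", "Empty string password on database admin account", 9.8,
            "Set a strong, unique password and disallow empty passwords in the auth config"),
    Finding("web-01", "Configuration", "Insecure transport: login page served without TLS", 7.4,
            "Serve all access-controlled pages over HTTPS and redirect HTTP to HTTPS"),
    Finding("web-01", "Code", "Insufficient session-ID length: 32-bit session identifiers", 6.5,
            "Generate session IDs of at least 128 bits from a CSPRNG"),
    Finding("app-03", "Code", "Insecure temporary file: predictable names in /tmp", 3.3,
            "Create temporary files with mkstemp-style exclusive creation and random names"),
    Finding("web-02", "Process", "Missing default error page for 404/500 errors", 3.1,
            "Define generic error pages that do not leak stack traces or versions"),
]

if __name__ == "__main__":
    print(render_report(SAMPLE_FINDINGS))
```

Scores here are plain CVSS base scores; in a real assessment the ranking key would usually also weigh asset criticality and exposure, which is where the "assets prone to cyber attacks" point in the next section comes in.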

Importance of Vulnerability Analysis

  • Provides deep-dive insights into the security issues.
  • Helps us understand the risks associated with the entire ecosystem.
    • Including the risk of security breaches
  • Identifies the assets that are prone to cyber attacks.

Steps for the vulnerability Analysis

How to check if the organization requires Vulnerability Analysis

Types of Vulnerability Assessment

Network Based Scans

Identifies network vulnerabilities. This scan helps find the vulnerable systems in wired and wireless networks.

Host Based Scans

This scan identifies vulnerabilities in ports, configuration, server workstations and other hosts, and reviews their patch history.

Wireless Network Scans

A complete scan of the wireless networks to find vulnerabilities.

Application Scans

Tests all portals and mobile applications for vulnerabilities.

Database Scans

Scans all databases for potential vulnerabilities.

Models of Vulnerability in Ethical Hacking

Firewall model

  • Insider attacks
    • A perimeter firewall should be put in place; it takes care of external attacks, but not of attacks that originate inside the network
  • Missed security patches
    • When patch management of the firewall has not happened
  • Configuration issues
    • If there are faults in the firewall configuration
  • DDoS attacks
    • Only allow legitimate traffic to avoid these attacks

Password model

To crack a password, the hacker uses one of the following: a dictionary attack, a hybrid attack, or brute force.
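The defensive counterpart of the three cracking models is a password policy check that rejects exactly what each model would find first: words from a list (dictionary), list words dressed up with digits, punctuation or "leet" substitutions (hybrid), and short passwords whose search space is small enough to enumerate (brute force). The example below is added here and is not the article's own code; the word list is a constructed ten-word sample standing in for a real dictionary, the substitution table and the 60-bit threshold are assumptions, and the search-space figure is the usual naive length × log2(alphabet) estimate.

```python
import math
import string

# Constructed sample word list; a real policy check would load a large dictionary (assumption).
DICTIONARY = {"password", "welcome", "admin", "letmein", "qwerty", "dragon",
              "monkey", "football", "sunshine", "iloveyou"}

# Substitutions a hybrid attack would try; undoing them recovers the base word (assumption).
_LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i"})
_AFFIX_CHARS = string.digits + string.punctuation


def undo_leet(word: str) -> str:
    return word.translate(_LEET)


def strip_affixes(word: str) -> str:
    """Remove digits/punctuation bolted onto either end ('welcome2024!' -> 'welcome')."""
    return word.strip(_AFFIX_CHARS)


def brute_force_bits(pw: str) -> float:
    """Naive search-space estimate: length * log2(size of the character classes used)."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)   # 32 ASCII symbols
    return len(pw) * math.log2(size) if size else 0.0


def assess_password(pw: str, min_bits: float = 60.0) -> dict:
    """Classify a candidate password by the cheapest attack model that would recover it."""
    if not pw:                                   # the list's 'Empty String Password' item
        return {"verdict": "weak", "reason": "empty"}
    lower = pw.lower()
    if lower in DICTIONARY:                      # dictionary model
        return {"verdict": "weak", "reason": "dictionary"}
    core = strip_affixes(lower)                  # hybrid model: word + affixes and/or leet
    if any(cand in DICTIONARY for cand in (core, undo_leet(core), undo_leet(lower))):
        return {"verdict": "weak", "reason": "hybrid"}
    bits = brute_force_bits(pw)                  # brute-force model: small search space
    if bits < min_bits:
        return {"verdict": "weak", "reason": "brute-force", "bits": round(bits, 1)}
    return {"verdict": "ok", "reason": "none", "bits": round(bits, 1)}


if __name__ == "__main__":
    for candidate in ("password", "P@ssw0rd123", "abc123", "correct-horse-battery-staple-42"):
        print(f"{candidate!r}: {assess_password(candidate)}")
```

The checks are ordered from cheapest attack to most expensive, so the reported reason is the model an attacker would succeed with first; a password that survives all three is only "ok" relative to the sample list and the chosen threshold.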

Logical Bombing

This usually happens when a hacker injects malicious code into the web application or the cloud infrastructure.

Web Hijacking

This happens when an unauthorized user accesses the application by bypassing the authorization mechanism.

Protection from Hacking

We need to follow some simple steps to prevent hacking:

  • Keep operating systems updated
  • Install a proper firewall to prevent intrusion
  • Remove personal information from all web sources
  • Do not use open Wi-Fi
  • Passwords – use strong passwords that are not easy to guess
  • Smart emailing – avoid opening phishing mails
  • Keep sensitive data in a protected environment
  • Ignore spam
  • Shut down systems after use
  • Secure the network
  • Back up the data

Conclusion

In this article we have discussed the various vulnerabilities that hackers can exploit to gain unauthorized access to a system, along with best practices and techniques for finding them. We have covered vulnerability analysis and how it helps prevent a system from being hacked. Finally, we have discussed the models of vulnerabilities in ethical hacking and the ways to keep ourselves protected from hacking.

Vitesh Sharma

221 articles published

Vitesh Sharma, a distinguished Cyber Security expert with a wealth of experience exceeding 6 years in the Telecom & Networking Industry. Armed with a CCIE and CISA certification, Vitesh possesses expe...
