INFSYS 3848/6828 Assignment – 3: Understanding Vulnerabilities in Software
Dr. Shaji Khan
Page 1 of 8
Points Possible: 100
Due Date: March 15, 2016 by 11:59pm Central Time
Overview
A common thread in most breaches of information security is the presence of vulnerabilities in
the entities which are supposed to be protected. Vulnerabilities are, simply, weaknesses in software,
system security procedures, internal controls, or implementation that could be exploited. That is,
vulnerabilities are specific weaknesses that could be used by “threat agents” (malicious or non-malicious
actors) to endanger or cause harm to an information asset.
RFC 4949 explains vulnerabilities quite well: “A flaw or weakness in a system's design,
implementation, or operation and management that could be exploited to violate the system's
security policy. A system can have three types of vulnerabilities: (a) vulnerabilities in design or
specification; (b) vulnerabilities in implementation; and (c) vulnerabilities in operation and
management. Most systems have one or more vulnerabilities, but this does not mean that the
systems are too flawed to use. Not every threat results in an attack, and not every attack
succeeds. Success depends on the degree of vulnerability, the strength of attacks, and the
effectiveness of any countermeasures in use. If the attacks needed to exploit a vulnerability are
very difficult to carry out, then the vulnerability may be tolerable. If the perceived benefit to an
attacker is small, then even an easily exploited vulnerability may be tolerable. However, if the
attacks are well understood and easily made, and if the vulnerable system is employed by a wide
range of users, then it is likely that there will be enough motivation for someone to launch an
attack.”
TO DO: To understand how vulnerabilities fit into the overall concept of a breach please visit:
http://en.wikipedia.org/wiki/Threat_(computer)#Phenomenology and study the diagram with
accompanying description.
Vulnerabilities in software, in particular, also have the potential for great damage when
exploited. If malicious actors are able to develop software or techniques that can “exploit” such
vulnerabilities, the consequences could be devastating. Thus, information security professionals, system
administrators, risk managers, and IT professionals in general must continuously 1) Identify and 2)
Mitigate vulnerabilities (by implementing appropriate controls).
The issue is that there are thousands of such KNOWN vulnerabilities and new ones become
known each day. As an aside, of course there may be many vulnerabilities that are never found by the
organizations that develop software but are known to malicious actors. We call attacks associated with
such unknown or yet-to-be-fixed vulnerabilities “Zero Day Attacks”.
Thus, both the identification of vulnerabilities (for example figuring out all the known
vulnerabilities of a certain version of WordPress blog software before upgrading to that version) as well
as mitigation of vulnerabilities (that is, doing something such as installing patches, reconfiguring the system,
shutting down open ports etc., all of which are forms of “control”) remain a challenge.
To address this issue the National Institute of Standards and Technology (NIST) and many
independent community efforts have attempted to create global “databases” of KNOWN vulnerabilities,
their potential for impact, and techniques for mitigating them.
Lab Purpose:
1) To familiarize ourselves with vulnerability databases, their terminology, standards, and
procedures to share vulnerability data.
2) To understand how these data sources are integrated into commercial security software tools
that help organizations manage their vulnerabilities. These software tools are generally grouped
under the term “vulnerabilities scanners” (or similar terms).
3) To examine a few “classic” vulnerabilities in depth to get a sense of just how vulnerabilities
expose systems to exploitation.
Lab Tasks: There are two tasks for this lab: Task 1 and Task 2.
TASK 1: Overview
TO DO: Visit http://en.wikipedia.org/wiki/Vulnerability_database and read the short introduction.
TO DO:
1. Visit the National Vulnerability Database (NVD) site at https://nvd.nist.gov and spend time to
read the about and FAQ pages. The idea is to understand just what NVD is.
2. Visit the “Open Sourced Vulnerability Database (OSVDB)” site at http://www.osvdb.org and again
try to read about and FAQ pages (See Project Info tab). This is a non-governmental effort to do
essentially the same thing as the NVD.
3. Visit the Microsoft Security Bulletins site at https://technet.microsoft.com/security/bulletin/
and get a sense of what is available. The Microsoft Security Bulletins are notifications about
known vulnerabilities in Microsoft software.
As you may understand by now, the above resources are attempting to provide information on known
vulnerabilities so that users may take steps to mitigate those vulnerabilities. However, given there are so
many vulnerabilities, we need some system to keep track of them. That is, do we have some type of ID
for each of these vulnerabilities? Turns out, the NVD uses a system known as the “Common
Vulnerabilities Enumeration (CVE)” that essentially provides unique identifiers to each vulnerability.
Such IDs are called “CVE-ID”. Of course Microsoft has its own system to uniquely identify its
vulnerabilities. It simply numbers each vulnerability using a “Bulletin Number” (see the security bulletin
page above). Most of these “databases” also make some attempt to “map” each other’s IDs!
TO DO:
1) Visit the Wikipedia entry on CVE and read at least till the section on CVE Identifiers.
http://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures
2) Also briefly visit http://cve.mitre.org/cve/identifiers/index.html
By now, you understand that:
1) There are databases for vulnerabilities in software (The NVD being most prominent and widely
used) and
2) These databases must use IDs to uniquely identify each vulnerability.
However, is just knowing about vulnerabilities enough? How about if we have some indication of “just
how bad the vulnerability is”? Turns out, the NVD uses a system called “Common Vulnerability Scoring
System (CVSS)” that provides just such an indication. The CVSS allows us to provide quantifiable metrics
on useful characteristics of each vulnerability as well as get some sense of just how bad an impact it can
have on our IT assets.
TO DO:
1) Visit the CVSS description page on NVD’s site at https://nvd.nist.gov/cvss.cfm and read through.
2) Visit the official CVSS - Version 3 standards pages https://www.first.org/cvss/user-guide and
https://www.first.org/cvss/specification-document. Use these pages to briefly (but in your own
words to the extent possible) answer the following questions.
a. NOTE: The current CVSS standard is at Version 3. The earlier version, 2, is still in use.
New vulnerabilities from sometime in late 2015 started to be scored on both version 3
and version 2 systems.
Answer Questions: (PLEASE EXPLAIN CONCEPTS IN OWN WORDS. “COPY/PASTE” ANSWERS WILL NOT
RECEIVE ANY CREDIT)
1. The CVSS Version 3 is composed of three “metric groups, Base, Temporal, and Environmental, each
consisting of a set of metrics.” Briefly explain what each group represents.
Base Metric Group consists of exploitability metrics including the attack vector, attack
complexity, privileges required, and user interaction. It also represents the intrinsic
characteristics of a vulnerability that are constant over time and across user environments.
Exploitability metrics reflect the ease and technical means. Impact Metrics reflect the direct
consequence of a successful exploit and represent the consequence to an item that suffers the
impact.
Temporal Metric Group consists of exploit code maturity, remediation level, and report
confidence. This metric does reflect the characteristics of a vulnerability that may change over time
but not across user environments.
Environmental Metric Group consists of modified base metrics, confidentiality requirement,
integrity requirement, and availability requirement. This metric does reflect the characteristics of
a vulnerability that are relevant and unique to a particular user’s environment (home computer).
This group does allow to promote or demote the importance of a vulnerable system according to
the business risk.
2. The “Base” metric group consists of two types of metrics: 1) Exploitability Metrics and 2) Impact
Metrics. Within the Exploitability metrics, briefly explain each of the following metrics while
identifying the metric values and their meanings:
2.1. Attack Vector: This reflects the context which vulnerabilities exploitation is possible. The metric
values known as PLAN (Physical, Local, Adjacent, Network) different aspects. Physical is
described as the physical access requirement that attackers need to physically touch or
manipulate the vulnerable component. Local is described as the local access where the
vulnerable component is not bound to the network stack and the attacker’s path is via three
different capabilities known as read/write/execute capabilities. Adjacent is described as the
adjacent network which the vulnerable component is bound to the network stack. However the
attack is limited to the same shared physical or logical network, and cannot be performed
across an OSI layer like a router. Network is described as the network access means the
vulnerable component is bound to the network stack and the attacker’s path is through OSI
Layer 3. This is also known to be remotely exploitable.
2.2. Attack Complexity: This reflects the conditions beyond the attacker’s control that must exist in
order to exploit the vulnerability. The metric values are based on LH (Low and High). Low
means that an attacker can gain access over and over again with success because the
specialized conditions or extenuating circumstances do not exist. High means that an attacker
can be successful but not over and over again. The high metric value is deeper to penetrate and
the attacker themselves must invest in some measurable amount of effort in preparation or
execution against the vulnerable component before a successful attack can be expected.
2.3. Privileges Required: This reflects the level of privileges an attacker must possess before
successfully exploiting the vulnerability. The metric values are based on NLH (None, Low, and
High). None means an attacker is unauthorized prior to attack and therefore does not require
any access to anything to be able to carry out the missioned attack. Low is where the attacker is
authorized (employee) that has the basic user capabilities that could normally affect only the
settings and files owned by a user. High is when an attacker has a lot of authority
(administration) and a significant amount of control over the vulnerable component that can
affect an organization at its entirety.
2.4. User Interaction: This metric captures the requirement of a user, other than the attacker, to
participate in the successful compromise of the vulnerable component (ex. GUI-Graphical User
Interface). The metric values are RN (Required and None). Required consists of the successful
exploitation of this vulnerability requires a user to take some action before the vulnerability can
be exploited. None means that the vulnerability can be exploited without interaction from any
user.
3. The CVSS-Version 3 also includes the idea of “Authorization Scope” (see section 2.2 in the
https://www.first.org/cvss/specification-document). Briefly explain the idea of “Scope” as used
here.
Scope refers to the collection of privileges defined by a computing authority when granting
access to computing resources. The privileges are assigned based on some method of
identification and authorization. The authorization itself may be simple or loosely controlled
based on the predefined rules or standards. Scope has two metric values which are changed and
unchanged. Changed is when an exploited vulnerability can affect resources managed by the
same authority. Unchanged is an exploited vulnerability that can affect resources beyond
authorization privileges intended by the vulnerable component. So in regards two individuals of
the same authority is simply controlled and is unchanged. Where when you have a higher
authority and a lower authority individual then that means it is loosely controlled which means
changed.
4. The “Base” metric group also consists of “Impact Metrics.” Briefly explain each while identifying
the metric values and their meanings:
4.1. Confidentiality Impact: This metric measures the impact to the confidentiality of the
information resources managed by a software component due to a successfully exploited
vulnerability. The metric values are high, low, or none. High is where a total loss of
confidentiality, resulting in all resources within the impacted component being divulged to the
attacker. So if an attacker attempts this would leave them with lots of information especially if
they get an administrator’s password. Low is where there is some loss of confidentiality. So only
some restricted access is obtained by the attacker but they do not have control over all
information like an administrator would. They would be like a regular employee that has
limited information. None is when there is no loss of confidentiality within the impacted
component. In which case the attacker had no success here.
4.2. Integrity Impact: This metric measures the impact to integrity of a successfully exploited
vulnerability. The metric values stay consistent with confidentiality in regards to having high,
low, and none. High is where the metric has a total loss of integrity or a complete loss of
protection. For example, in Ferris Bueller’s Day Off Ferris gets into the computer system and
wipes out all his attendance issues so his parents do not find out. Low is where the modification
of data is possible but the attacker doesn’t have control over the consequence of modification
or the amount of modification is constrained. In which case if I were the attacker then I would
not make a serious impact on the impacted component. None is when there is no loss of
integrity within the impacted component. In regards to me being the attacker then I would not
have been able to modify any type of files.
4.3. Availability Impact: This metric measures the impact to the availability of the impacted
component resulting from a successfully exploited vulnerability. The metric values stay
consistent with confidentiality and integrity in regards to having high, low, and none. High is
where the metric has a total loss of availability resulting in the attacker being able to fully deny
access to resources in the impacted component; this loss is either sustained or persistent. For
example, the 1983 movie War Games there is a kid that plays a game called WAR and what he
doesn’t know is that he is taking over the US government machine. In which case this doesn’t
allow the government the availability to use their own machines to do their job. Low is when
there is reduced performance or interruptions in resource availability. In the 1995 film Hackers
the IT Company’s security officer is limiting the availability to all resources because he had put
something into the system to block them from noticing that he is stealing from the company.
None is when there is no impact to availability with the impacted component.
So now you understand how vulnerabilities are “scored” using the metrics you learned above. Although
you see “qualitative” values for each metric (e.g., High, Medium, Low), the CVSS system assigns
numbers to each of these values to come up with a Numeric Score ranging from 0 to 10. We don’t need
to understand the “formula” they use for now but you can see it here:
https://www.first.org/cvss/specification-document#i8
Overall, you have thus far seen that:
1) There are databases of software vulnerabilities (e.g., the NVD).
2) There are unique identifiers (e.g., CVE-ID) for each vulnerability so that we can tell them apart
and track them.
3) We have approaches to “quantify” the characteristics of each vulnerability (e.g., what is its
access vector, how easy it is to access it, how easy it is to exploit it…) as well as its impact (e.g.,
confidentiality impact, etc.)
TASK 2: Examining two well-known vulnerabilities
Here, we will look at two well-known vulnerabilities that have proven quite damaging to security. One is
pretty old and the other fairly recent. The idea is to use what you learned in TASK 1 to “gauge” these
two vulnerabilities.
TO DO:
1. Visit the National Vulnerability Database (NVD) Vulnerability Search page at
https://web.nvd.nist.gov/view/vuln/search and search for the following two vulnerabilities.
a. Search for vulnerability with CVE-ID: CVE-2008-4250
b. Search for vulnerability with CVE-ID: CVE-2014-0160
2. Answer Questions:
2.1. For each, please note down the following: [NOTE: These are CVSS Version 2 scores as version
3 was not implemented until 2015] (Define)
CVSS Base Score: The CVSS base score is the base metric group that captures the characteristics
of a vulnerability that are constant with time and across user environments.
Impact Subscore: This is part of the base score that calculates the impact.
Exploitability Subscore: Under the metric groups there are temporal metrics in which
exploitability falls under. This metric measures the current state of exploit techniques or code
availability.
Access Vector: This is one of the base metrics. This metric reflects how the vulnerability is
exploited.
Access Complexity: This is another base metric. This metric measures the complexity of the
attack required to exploit the vulnerability once an attacker has gained access to the target
system.
Authentication: This is another base metric. This metric measures the number of times an
attacker must authenticate to a target in order to exploit a vulnerability.
2.2. Discuss the differences between the two vulnerabilities across the above metrics. Is the
second one somehow “less severe” than the first? Is the “Impact Type” of one worse than the
other? (which vulnerability is worst based on scores: do research)
Hints: search for more information on these vulnerabilities online. The second vulnerability was
found just last year and has been known as the “heartbleed” vulnerability. The first
vulnerability is also known as the “MS08-067” vulnerability. That number is actually the ID
(Bulletin Number) Microsoft gave to that vulnerability.
Big Picture Discussion (answer these questions in your homework and
be ready to discuss in class):
Answer Questions:
2.3. Based on your reading and opinion, what purpose do you think such vulnerability databases
serve?
I believe that the purpose of vulnerability databases is to help organizations out to catch
those wanting to hack their systems however they can. So they serve to block those
attackers as best as they can.
2.4. Are they actually useful? Why or why not?
Yes they are useful because it is most likely that the vulnerability databases do catch the
necessary attacks that could or are being attacked by.
2.5. What happens once a vulnerability has been added to a database? That is, what can we do
about it? How do we find out what to do?
Once a vulnerability is added to the database it is then evaluated to see if this threat is
big enough to get rid of or if they can chance it going through. In some cases if you
receive a Trojan horse threat then the company will need to protect it from their
organization. Where in other cases if it is just phishing emails then they can chance and
hope their associates are not going to open the email fully.
SUBMISSION INSTRUCTIONS:
1. Type your answers within this document or create a new document. Be sure to name your
document in the following format: FirstName_LastName_Assignment3
2. Submit the document via the “Assignment 3” assignment page on MyGateway. Be sure to hit
submit.
PENALTY FOR LATE SUBMISSIONS:
Late submissions will receive a 10% automatic deduction for each 24 hour period after the due
date/time until no points remain.
GETTING HELP:
1. Visit tutors in the CITIL (ESH 204). Information listed on MyGateway/Faculty Information.
2. Call (314-489-9733) / email (shajikhan@umsl.edu) instructor anytime.

Advanced Threats in the Enterprise: Finding an Evil in the Haystack
 
Pentesting with linux
Pentesting with linuxPentesting with linux
Pentesting with linux
 
Checking Windows for signs of compromise
Checking Windows for signs of compromiseChecking Windows for signs of compromise
Checking Windows for signs of compromise
 

More from Nicole Gaehle, MSIST

Familiarizing with a major ISMS Standard
Familiarizing with a major ISMS StandardFamiliarizing with a major ISMS Standard
Familiarizing with a major ISMS StandardNicole Gaehle, MSIST
 
Analysis: Office of Transfer Services Paper
Analysis: Office of Transfer Services PaperAnalysis: Office of Transfer Services Paper
Analysis: Office of Transfer Services PaperNicole Gaehle, MSIST
 
Entity Relationship Diagram: Weak Entity
Entity Relationship Diagram: Weak EntityEntity Relationship Diagram: Weak Entity
Entity Relationship Diagram: Weak EntityNicole Gaehle, MSIST
 
DIACAP IA CONTROLS Requirements Document
DIACAP IA CONTROLS Requirements DocumentDIACAP IA CONTROLS Requirements Document
DIACAP IA CONTROLS Requirements DocumentNicole Gaehle, MSIST
 
Understanding Internet Protocol (IPv4)
Understanding Internet Protocol (IPv4)Understanding Internet Protocol (IPv4)
Understanding Internet Protocol (IPv4)Nicole Gaehle, MSIST
 
Understanding Layering and Ethernet
Understanding Layering and EthernetUnderstanding Layering and Ethernet
Understanding Layering and EthernetNicole Gaehle, MSIST
 
Analysis: New Threats & Countermeasure in Crime and Cyber Terrorism
Analysis: New Threats & Countermeasure in Crime and Cyber TerrorismAnalysis: New Threats & Countermeasure in Crime and Cyber Terrorism
Analysis: New Threats & Countermeasure in Crime and Cyber TerrorismNicole Gaehle, MSIST
 
Analysis: Guidelines for Securing WLANS and Networks of ‘Things’
Analysis: Guidelines for Securing WLANS and Networks of ‘Things’Analysis: Guidelines for Securing WLANS and Networks of ‘Things’
Analysis: Guidelines for Securing WLANS and Networks of ‘Things’Nicole Gaehle, MSIST
 
Team h hoppers group final presentation
Team h   hoppers group final presentationTeam h   hoppers group final presentation
Team h hoppers group final presentationNicole Gaehle, MSIST
 

More from Nicole Gaehle, MSIST (19)

Lab: Basic Reconnaissance
Lab: Basic ReconnaissanceLab: Basic Reconnaissance
Lab: Basic Reconnaissance
 
Familiarizing with a major ISMS Standard
Familiarizing with a major ISMS StandardFamiliarizing with a major ISMS Standard
Familiarizing with a major ISMS Standard
 
Analysis: Office of Transfer Services Paper
Analysis: Office of Transfer Services PaperAnalysis: Office of Transfer Services Paper
Analysis: Office of Transfer Services Paper
 
Entity Relationship Diagram: Weak Entity
Entity Relationship Diagram: Weak EntityEntity Relationship Diagram: Weak Entity
Entity Relationship Diagram: Weak Entity
 
Database: PC and Employee
Database: PC and EmployeeDatabase: PC and Employee
Database: PC and Employee
 
Entity Relationship Diagram
Entity Relationship DiagramEntity Relationship Diagram
Entity Relationship Diagram
 
Entity Relationship Diagram
Entity Relationship DiagramEntity Relationship Diagram
Entity Relationship Diagram
 
DIACAP IA CONTROLS Requirements Document
DIACAP IA CONTROLS Requirements DocumentDIACAP IA CONTROLS Requirements Document
DIACAP IA CONTROLS Requirements Document
 
Understanding TCP and HTTP
Understanding TCP and HTTP Understanding TCP and HTTP
Understanding TCP and HTTP
 
Understanding Internet Protocol (IPv4)
Understanding Internet Protocol (IPv4)Understanding Internet Protocol (IPv4)
Understanding Internet Protocol (IPv4)
 
Understanding Layering and Ethernet
Understanding Layering and EthernetUnderstanding Layering and Ethernet
Understanding Layering and Ethernet
 
Virtualization and Linux
Virtualization and LinuxVirtualization and Linux
Virtualization and Linux
 
Analysis: New Threats & Countermeasure in Crime and Cyber Terrorism
Analysis: New Threats & Countermeasure in Crime and Cyber TerrorismAnalysis: New Threats & Countermeasure in Crime and Cyber Terrorism
Analysis: New Threats & Countermeasure in Crime and Cyber Terrorism
 
Analysis: Guidelines for Securing WLANS and Networks of ‘Things’
Analysis: Guidelines for Securing WLANS and Networks of ‘Things’Analysis: Guidelines for Securing WLANS and Networks of ‘Things’
Analysis: Guidelines for Securing WLANS and Networks of ‘Things’
 
Cryptography
CryptographyCryptography
Cryptography
 
Networking Task
Networking Task Networking Task
Networking Task
 
Vm Penetration Test
Vm Penetration TestVm Penetration Test
Vm Penetration Test
 
Reverse Engineering Project
Reverse Engineering ProjectReverse Engineering Project
Reverse Engineering Project
 
Team h hoppers group final presentation
Team h   hoppers group final presentationTeam h   hoppers group final presentation
Team h hoppers group final presentation
 

Recently uploaded

Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Recently uploaded (20)

Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Understanding Vulnerabilities in Software

  • 1. INFSYS 3848/6828 Assignment – 3: Understanding Vulnerabilities in Software
Dr. Shaji Khan
Page 1 of 8
Points Possible: 100
Due Date: March 15, 2016 by 11:59pm Central Time

Overview

A common thread in most breaches of information security is the presence of vulnerabilities in the entities which are supposed to be protected. Vulnerabilities are, simply, weaknesses in software, system security procedures, internal controls, or implementation that could be exploited. That is, vulnerabilities are specific weaknesses that could be used by “threat agents” (malicious or non-malicious actors) to endanger or cause harm to an information asset.

RFC 4949 explains vulnerabilities quite well: “A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy. A system can have three types of vulnerabilities: (a) vulnerabilities in design or specification; (b) vulnerabilities in implementation; and (c) vulnerabilities in operation and management. Most systems have one or more vulnerabilities, but this does not mean that the systems are too flawed to use. Not every threat results in an attack, and not every attack succeeds. Success depends on the degree of vulnerability, the strength of attacks, and the effectiveness of any countermeasures in use. If the attacks needed to exploit a vulnerability are very difficult to carry out, then the vulnerability may be tolerable. If the perceived benefit to an attacker is small, then even an easily exploited vulnerability may be tolerable. However, if the attacks are well understood and easily made, and if the vulnerable system is employed by a wide range of users, then it is likely that there will be enough motivation for someone to launch an attack.”

TO DO: To understand how vulnerabilities fit into the overall concept of a breach please visit: http://en.wikipedia.org/wiki/Threat_(computer)#Phenomenology and study the diagram with accompanying description.
Vulnerabilities in software, in particular, also have the potential for great damage when exploited. If malicious actors are able to develop software or techniques that can “exploit” such vulnerabilities, the consequences could be devastating. Thus, information security professionals, system administrators, risk managers, and IT professionals in general must continuously 1) Identify and 2) Mitigate vulnerabilities (by implementing appropriate controls). The issue is that there are thousands of such KNOWN vulnerabilities and new ones become known each day. As an aside, of course there may be many vulnerabilities that are never found by the organizations that develop software but are known to malicious actors. We call attacks associated with such unknown or yet-to-be-fixed vulnerabilities “Zero Day Attacks”.

Thus, both the identification of vulnerabilities (for example, figuring out all the known vulnerabilities of a certain version of Word Press blog software before upgrading to that version) as well as mitigation of vulnerabilities (that is, doing something such as installing patches, reconfiguring the system, shutting down open ports etc., all of which are forms of “control”) remain a challenge.
  • 2. To address this issue the National Institute of Standards in Technology (NIST) and many independent community efforts have attempted to create global “databases” of KNOWN vulnerabilities, their potential for impact, and techniques for mitigating them.

Lab Purpose:
1) To familiarize ourselves with vulnerability databases, their terminology, standards, and procedures to share vulnerability data.
2) To understand how these data sources are integrated into commercial security software tools that help organizations manage their vulnerabilities. These software tools are generally grouped under the term “vulnerabilities scanners” (or similar terms).
3) To examine a few “classic” vulnerabilities in depth to get a sense of just how vulnerabilities expose systems to exploitation.

Lab Tasks:
There are two tasks for this lab: Task 1 and Task 2.

TASK 1: Overview

TO DO: Visit http://en.wikipedia.org/wiki/Vulnerability_database and read the short introduction.

TO DO:
1. Visit the National Vulnerability Database (NVD) site at https://nvd.nist.gov and spend time to read the about and FAQ pages. The idea is to understand just what NVD is.
2. Visit the “Open Sourced Vulnerability Database (OSVDB)” site at http://www.osvdb.org and again try to read about and FAQ pages (See Project Info tab). This is a non-governmental effort to do essentially the same thing as the NVD.
3. Visit the Microsoft Security Bulletins site at https://technet.microsoft.com/security/bulletin/ and get a sense of what is available. The Microsoft Security Bulletins are notifications about known vulnerabilities in Microsoft software.

As you may understand by now, the above resources are attempting to provide information on known vulnerabilities so that users may take steps to mitigate those vulnerabilities. However, given there are so many vulnerabilities, we need some system to keep track of them.
That is, do we have some type of ID for each of these vulnerabilities? Turns out, the NVD uses a system known as the “Common Vulnerabilities Enumeration (CVE)” that essentially provides unique identifiers to each vulnerability. Such IDs are called “CVE-ID”. Of course Microsoft has its own system to uniquely identify its vulnerabilities. It simply numbers each vulnerability using a “Bulletin Number” (see the security bulletin page above). Most of these “databases” also make some attempt to “map” each other’s IDs!

TO DO:
1) Visit the Wikipedia entry on CVE and read at least till the section on CVE Identifiers. http://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures
2) Also briefly visit http://cve.mitre.org/cve/identifiers/index.html
  • 3. By now, you understand that:
1) There are databases for vulnerabilities in software (The NVD being most prominent and widely used) and
2) These databases must use IDs to uniquely identify each vulnerability.

However, is just knowing about vulnerabilities enough? How about if we have some indication of “just how bad the vulnerability is”? Turns out, the NVD uses a system called “Common Vulnerability Scoring System (CVSS)” that provides just such an indication. The CVSS allows us to provide quantifiable metrics on useful characteristics of each vulnerability as well as get some sense of just how bad an impact it can have on our IT assets.

TO DO:
1) Visit the CVSS description page on NVD’s site at https://nvd.nist.gov/cvss.cfm and read through.
2) Visit the official CVSS - Version 3 standards pages https://www.first.org/cvss/user-guide and https://www.first.org/cvss/specification-document. Use these pages to briefly (but in your own words to the extent possible) answer the following questions.
a. NOTE: The current CVSS standard is at Version 3. The earlier version, 2, is still in use. New vulnerabilities from sometime in late 2015 started to be scored on both version 3 and version 2 systems.

Answer Questions: (PLEASE EXPLAIN CONCEPTS IN OWN WORDS. “COPY/PASTE” ANSWERS WILL NOT RECEIVE ANY CREDIT)

1. The CVSS Version 3 is composed of three “metric groups, Base, Temporal, and Environmental, each consisting of a set of metrics.” Briefly explain what each group represents.

Base Metric Group consists of exploitability metrics including the attack vector, attack complexity, privileges required, and user interaction. It also represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Exploitability metrics reflect the ease and technical means. Impact Metrics reflect the direct consequence of a successful exploit and represent the consequence to an item that suffers the impact.
Temporal Metric Group consists of exploit code maturity, remediation level, and report confidence. This metric does reflect the characteristics of a vulnerability that may change over time but not across user environments.

Environmental Metric Group consists of modified base metrics, confidentiality requirement, integrity requirement, and availability requirement. This metric does reflect the characteristics of a vulnerability that are relevant and unique to a particular user’s environment (home computer). This group does allow to promote or demote the importance of a vulnerable system according to the business risk.

2. The “Base” metric group consists of two types of metrics: 1) Exploitability Metrics and 2) Impact Metrics. Within the Exploitability metrics, briefly explain each of the following metrics while identifying the metric values and their meanings:
  • 4. 2.1. Attack Vector: This reflects the context which vulnerabilities exploitation is possible. The metric values known as PLAN (Physical, Local, Adjacent, Network) different aspects. Physical is described as the physical access requirement that attackers need to physically touch or manipulate the vulnerable component. Local is described as the local access where the vulnerable component is not bound to the network stack and the attacker’s path is via three different capabilities known as read/write/execute capabilities. Adjacent is described as the adjacent network which the vulnerable component is bound to the network stack. However the attack is limited to the same shared physical or logical network, and cannot be performed across an OSI layer like a router. Network is described as the network access means the vulnerable component is bound to the network stack and the attacker’s path is through OSI Layer 3. This is also known to be remotely exploitable.

2.2. Attack Complexity: This reflects the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. The metric values are based on LH (Low and High). Low means that an attacker can gain access over and over again with success because the specialized conditions or extenuating circumstances do not exist. High means that an attacker can be successful but not over and over again. The high metric value is deeper to penetrate and the attacker themselves must invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected.

2.3.
Privileges Required: This reflects the level of privileges an attacker must possess before successfully exploiting the vulnerability. The metric values are based on NLH (None, Low, and High). None means an attacker is unauthorized prior to attack and therefore does not require any access to anything to be able to carry out the missioned attack. Low is where the attacker is authorized (employee) that has the basic user capabilities that could normally affect only the settings and files owned by a user. High is when an attacker has a lot of authority (administration) and a significant amount of control over the vulnerable component that can affect an organization at its entirety.

2.4. User Interaction: This metric captures the requirement of a user, other than the attacker, to participate in the successful compromise of the vulnerable component (ex. GUI - Graphical User Interface). The metric values are RN (Required and None). Required consists of the successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited. None means that the vulnerability can be exploited without interaction from any user.

3. The CVSS - Version 3 also includes the idea of “Authorization Scope” (see section 2.2 in the https://www.first.org/cvss/specification-document). Briefly explain the idea of “Scope” as used here.

Scope refers to the collection of privileges defined by a computing authority when granting access to computing resources. The privileges are assigned based on some method of identification and authorization. The authorization itself may be simple or loosely controlled based on the predefined rules or standards. Scope has two metric values which are changed and unchanged. Changed is when an exploited vulnerability can affect resources managed by the same authority. Unchanged is an exploited vulnerability that can affect resources beyond authorization privileges intended by the vulnerable component. So in regards two individuals of
  • 5. the same authority is simply controlled and is unchanged. Where when you have a higher authority and a lower authority individual then that means it is loosely controlled which means changed.

4. The “Base” metric group also consists of “Impact Metrics.” Briefly explain each while identifying the metric values and their meanings:

4.1. Confidentiality Impact: This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability. The metric values are high, low, or none. High is where a total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. So if an attacker attempts this would leave them with lots of information especially if they get an administrators password. Low is where there is some loss of confidentiality. So only some restricted access is obtained by the attacker but they do not have control over all information like an administrator would. They would be like a regular employee that has limited information. None is when there is no loss of confidentiality within the impacted component. In which case the attacker had no success here.

4.2.
Integrity Impact: This metric measures the impact to integrity of a successfully exploited vulnerability. The metric values stay consistent with confidentiality in regards to having high, low, and none. High is where the metric has a total loss of integrity or a complete loss of protection. For example, in Ferris Bueller’s Day Off Ferris gets into the computer system and wipes out all his attendance issues so his parents do not find out. Low is where the modification of data is possible but the attacker doesn’t have control over the consequence of modification or the amount of modification is constrained. In which case if I were the attacker then I would not make a serious impact on the impacted component. None is when there is no loss of integrity within the impacted component. In regards to me being the attacker then I would not have been able to modify any type of files.

4.3. Availability Impact: This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. The metric values stay consistent with confidentiality and integrity in regards to having high, low, and none. High is where the metric has a total loss of availability resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained or persistent. For example, the 1983 movie War Games there is a kid that plays a game called WAR and what he doesn’t know is that he is taking over the US government machine. In which case this doesn’t allow the government the availability to use their own machines to do their job. Low is when there is reduced performance or interruptions in resource availability. In the 1995 film Hackers the IT Company’s security officer is limiting the availability to all resources because he had put something into the system to block them from noticing that he is stealing from the company. None is when there is no impact to availability with the impacted component.
So now you understand how vulnerabilities are “scored” using the metrics you learned above. Although you see “qualitative” values for each metric (e.g., High, Medium, Low), the CVSS system assigns numbers to each of these values to come up with a Numeric Score ranging from 0 to 10. We don’t need to understand the “formula” they use for now but you can see it here: https://www.first.org/cvss/specification-document#i8
  • 6. Overall, you have thus far seen that:
1) There are databases of software vulnerabilities (e.g., the NVD).
2) There are unique identifiers (e.g., CVE-ID) for each vulnerability so that we can tell them apart and track them.
3) We have approaches to “quantify” the characteristics of each vulnerability (e.g., what is its access vector, how easy it is to access it, how easy it is to exploit it…) as well as its impact (e.g., confidentiality impact, etc.)

TASK 2: Examining two well-known vulnerabilities

Here, we will look at two well-known vulnerabilities that have proven quite damaging to security. One is pretty old and the other fairly recent. The idea is to use what you learned in TASK 1 to “gauge” these two vulnerabilities.

TO DO:
1. Visit the National Vulnerability Database (NVD) Vulnerability Search page at https://web.nvd.nist.gov/view/vuln/search and search for the following two vulnerabilities.
a. Search for vulnerability with CVE-ID: CVE-2008-4250
b. Search for vulnerability with CVE-ID: CVE-2014-0160
2. Answer Questions:
2.1. For each, please note down the following: [NOTE: These are CVSS Version 2 scores as version 3 was not implemented until 2015] (Define)

CVSS Base Score: The CVSS base score is the base metric group that captures the characteristics of a vulnerability that are constant with time and across user environments.
Impact Subscore: This is part of the base score that calculates the impact.
Exploitability Subscore: Under the metric groups there are temporal metrics in which exploitability falls under. This metric measures the current state of exploit techniques or code availability.
Access Vector: This is one of the base metrics. This metric reflects how the vulnerability is exploited.
Access Complexity: This is another base metric. This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.
Authentication:Thisisanotherbase metric.Thismetricmeasuresthe numberof timesan attackermust authenticate toa targetin orderto exploitavulnerability.
2.2. Discuss the differences between the two vulnerabilities across the above metrics. Is the second one somehow “less severe” than the first? Is the “Impact Type” of one worse than the other? (which vulnerability is worst based on scores: do research)
Hints: search for more information on these vulnerabilities online. The second vulnerability was found just last year and has been known as the “heartbleed” vulnerability. The first vulnerability is also known as the “MS08-067” vulnerability. That number is actually the ID (Bulletin Number) Microsoft gave to that vulnerability.
Big Picture Discussion (answer these questions in your homework and be ready to discuss in class):
Answer Questions:
2.3. Based on your reading and opinion, what purpose do you think such vulnerability databases serve?
I believe that the purpose of vulnerability databases is to help organizations out to catch those wanting to hack their systems however they can. So they serve to block those attackers as best as they can.
2.4. Are they actually useful? Why or why not?
Yes they are useful because it is most likely that the vulnerability databases do catch the necessary attacks that could or are being attacked by.
2.5. What happens once a vulnerability has been added to a database? That is, what can we do about it? How do we find out what to do?
Once a vulnerability is added to the database it is then evaluated to see if this threat is big enough to get rid of or if they can chance it going through. In some cases if you receive a Trojan horse threat then the company will need to protect it from their organization. Where in other cases if it is just phishing emails then they can chance and hope their associates are not going to open the email fully.
SUBMISSION INSTRUCTIONS:
1. Type your answers within this document or create a new document. Be sure to name your document in the following format: FirstName_LastName_Assignment3
2. Submit the document via the “Assignment 3” assignment page on MyGateway. Be sure to hit submit.
PENALTY FOR LATE SUBMISSIONS:
Late submissions will receive a 10% automatic deduction for each 24 hour period after the due date/time until no points remain.
GETTING HELP:
1. Visit tutors in the CITIL (ESH 204). Information listed on MyGateway/Faculty Information.
2. Call (314-489-9733) / email (shajikhan@umsl.edu) instructor anytime.