Penetration Testing 3 - Vulnerability Assessment.txt
3.1 Vulnerability Assessment.
Sometimes a client will only ask for a vulnerability assessment instead of a full pentest.
It is my duty to understand their needs and help.
Assessments are often faster and a lighter load to infrastructure.
No need to proceed to the exploitation phase. So no cycle.
Engagement -> Information Gathering -> Footprint and Scanning -> Vulnerability Assessment -> Reporting
Use of a Vulnerability Scanner
Uses known vulnerabilities and security audits to detect the vulnerabilities in a system.
Probes on:
Daemons listening on TCP and UDP Ports
Configuration files of operating systems, software suites, network devices etc.
Windows registry entries.
Popular options:
OpenVAS
Nexpose
GFI LanGuard
Nessus
Custom applications need to be tested manually.
Learn and understand features
Understand how data is exchanged
Understand how it accesses resources, databases, servers, local/remote files etc.
Reverse engineer its logic.
3.2 Nessus.
Two components.
Client - Used to configure scans - Has web interface
Server - Performs scanning process and reports back to the client.
The server performs the scan by sending probes to systems and applications and matches the responses against the vulnerability database.
Process of a vulnerability scanner
1. Determine which hosts are alive and which ports are open
2. Probe open ports to determine the application name and version.
3. Scanner looks up the results of step 2 against a list of known vulnerabilities. (The list of vulnerabilities can be adjusted.)
4. Sends probes to verify the vulnerability exists. Steps 2 and 3 on their own are prone to false positives.
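Added example (my own illustration, not code from the notes or from any scanner) of steps 2 and 3 above: parse a service banner into product and version, look it up against a constructed vulnerability list with placeholder ids, and mark every hit as unverified until a step 4 probe confirms it. The product names, version ranges and banners are all assumed sample data.

```python
# Added example: banner-to-vulnerability lookup (scanner steps 2 and 3).
# Findings stay "verified=False" because a version match alone is not proof;
# e.g. a distro may backport a fix while keeping the old version string,
# which is one source of the false positives mentioned in step 4.
import re
from typing import NamedTuple, Optional, List, Tuple

class Finding(NamedTuple):
    product: str
    version: str
    vuln_id: str
    verified: bool  # False until a step-4 probe confirms the issue

# Constructed entries with placeholder ids (not real advisories).
# Columns: product, first affected version (inclusive), fixed version (exclusive), id
KNOWN_VULNS = [
    ("OpenSSH", "7.0", "7.4", "PLACEHOLDER-VULN-1"),
    ("nginx", "1.9", "1.10.1", "PLACEHOLDER-VULN-2"),
]

# Matches e.g. "OpenSSH_7.2p2" or "nginx/1.10.0"; suffixes like "p2" are ignored.
BANNER_RE = re.compile(r"(?P<product>OpenSSH|nginx)[_/ ](?P<version>\d+(?:\.\d+)*)")

def version_tuple(v: str) -> Tuple[int, ...]:
    # Compare component-wise as integers so "1.10" sorts after "1.9".
    return tuple(int(p) for p in v.split("."))

def parse_banner(banner: str) -> Optional[Tuple[str, str]]:
    m = BANNER_RE.search(banner)
    return (m.group("product"), m.group("version")) if m else None

def lookup(product: str, version: str) -> List[Finding]:
    v = version_tuple(version)
    return [Finding(product, version, vid, False)
            for prod, lo, hi, vid in KNOWN_VULNS
            if prod == product and version_tuple(lo) <= v < version_tuple(hi)]

def assess(banners: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    for b in banners:
        parsed = parse_banner(b)
        if parsed:
            findings.extend(lookup(*parsed))
    return findings

if __name__ == "__main__":
    # Constructed sample banners, as a real probe in step 2 might collect them.
    sample = ["SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8",
              "Server: nginx/1.10.0", "Server: nginx/1.10.1"]
    for f in assess(sample):
        print(f)
```

The nginx/1.10.1 banner produces no finding because it is at the fixed version, while 1.10.0 does; a string comparison would have got this wrong.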