This component has the auditor discover possible flaws in the organization's devices, services, application designs, and networks by testing and comparing them against a variety of online and offline resources (vulnerability databases, vendor advisories, and auditor investigation) to identify known vulnerabilities. Basic vulnerability analysis should occur alongside the other activities so that evidence can be gathered from the network; deeper research into specific discovered exploits can happen after the on-site audit, making the most of the short time the auditor has on site.
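One way to split the work as described above, as an added example that is not part of SAFETAG: record the service inventory on site, then compare it offline against a local copy of advisories to build the list for post-visit research. Every host, product version and advisory identifier below is a constructed placeholder, and the version-range matching is a simplified assumption (real advisories often list several affected branches).

```python
# Added example (not SAFETAG's own code): cross-reference an on-site service
# inventory against an offline advisory set so deeper research can be queued
# for after the site visit. All hosts, versions and advisory identifiers are
# constructed placeholders, not real data.
from dataclasses import dataclass


def parse_version(v: str) -> tuple:
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically.

    Comparing as strings would wrongly rank '2.4.10' below '2.4.9'."""
    return tuple(int(part) for part in v.split("."))


@dataclass
class Advisory:
    ref: str         # placeholder identifier, e.g. "ADV-PLACEHOLDER-1"
    product: str
    fixed_in: str    # first version that carries the fix (assumption: single branch)
    severity: str


# Constructed offline advisory set (stand-in for a database such as CVE Details).
ADVISORIES = [
    Advisory("ADV-PLACEHOLDER-1", "apache-httpd", "2.4.12", "high"),
    Advisory("ADV-PLACEHOLDER-2", "openssh", "7.0", "medium"),
    Advisory("ADV-PLACEHOLDER-3", "wordpress", "4.2", "high"),
]

# Constructed evidence as recorded on site: (host, product, version).
INVENTORY = [
    ("192.0.2.5", "apache-httpd", "2.4.10"),
    ("192.0.2.5", "openssh", "7.2"),
    ("192.0.2.9", "wordpress", "4.1.1"),
]


def research_queue(inventory, advisories):
    """Return (host, product, version, advisory ref, severity) for each service
    running a version older than the advisory's fix, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    hits = []
    for host, product, version in inventory:
        for adv in advisories:
            if adv.product == product and parse_version(version) < parse_version(adv.fixed_in):
                hits.append((host, product, version, adv.ref, adv.severity))
    return sorted(hits, key=lambda h: order[h[4]])


if __name__ == "__main__":
    for item in research_queue(INVENTORY, ADVISORIES):
        print(item)
```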
It is not uncommon for a cash-strapped human rights NGO to outsource most of its IT infrastructure to a cloud provider, such as Google Apps, or to ad-hoc services (Dropbox, Yahoo! mail, Wordpress, etc.). A better-resourced organization may be more likely to host its critical services at a remote data center, but not have someone designated to update and patch systems as vulnerabilities are released, or to view the services from a security -- as opposed to availability -- standpoint.
The cleaned-up output from any tests used to identify the vulnerability.
Baseline Skills
Vulnerability Scanning: General TCP/IP and networking knowledge; knowledge of ports, protocols, services, and vulnerabilities for a variety of operating systems; ability to use automated vulnerability scanning tools and interpret/analyze the results
Penetration Testing: Extensive TCP/IP, networking, and OS knowledge; advanced knowledge of network and system vulnerabilities and exploits; knowledge of techniques to evade security detection
Standard: "Vulnerability Analysis - Research Phase" (Penetration Testing Execution Standard)
Framework: "Vulnerability Assessment" (http://www.vulnerabilityassessment.co.uk)
*Resource:* Vulnerability Databases (SAFETAG)
Vulnerability Databases
Standard Vulnerability Analysis - Research Phase (Penetration Testing Execution Standard)
Framework Vulnerability Assessment (http://www.vulnerabilityassessment.co.uk)
Database "CVE Details"
Database "Threat Explorer"
Database "The Exploit Database"
Poster Ultimate Pen Test 2013 (SANS Institute)
Website Vulnerability Scanning
Site: "OWASP ZAP Project Site" (OWASP)
Guide: "The OWASP Testing Project Guide" (OWASP)
User Guide: "OWASP Zap User Guide" (Google Code)
Video Tutorials: "OWASP ZAP Tutorial Videos" (Google Code)
Guide: "7 Ways Vulnerability Scanners May Harm Website(s) and What To Do About It" (White Hat Sec Blog)
Article: "14 Best Open Source Web Application Vulnerability Scanners" (InfoSec Institute)
System Vulnerability Scanning
Project Site: "OpenVAS Project Site" (OpenVAS)
Manual: "OpenVAS Compendium" (OpenVAS)
Guide: "How To Use OpenVAS to Audit the Security of Remote Systems on Ubuntu 12.04" (Digital Ocean)
Guide: "Getting Started with OpenVAS" (Backtrack Linux)
Guide: "Setup and Start OpenVAS" (OpenVAS)
Video Guide: "Setting up OpenVAS on Kali Linux" (YouTube)
ListServ: "OpenVAS Discussion ListServ" (OpenVAS)
Comparison: "Nessus, OpenVAS and Nexpose VS Metasploitable" (HackerTarget)